Windows Defender flagging ytdlp-interface.exe as virus (Trojan:Win32/Bearfoos.A!ml)

Open j2294372 opened this issue 1 year ago • 4 comments

Happened today when I updated Windows Defender.

edit: only 2.7.0, just rolled back to 2.6.0 and it's not getting flagged

j2294372 • Oct 14 '23 20:10

Can confirm having this issue

parker02311 • Oct 17 '23 06:10

VirusTotal has multiple flags on multiple versions, a sandbox report of this shows it accessing:

- C:\Users\<USER>\AppData\Roaming\Microsoft\Windows\Cookies
- C:\Users\<USER>\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\
- C:\Users\<USER>\AppData\Local\Microsoft\Windows\Temporary Internet Files

parker02311 • Oct 17 '23 07:10

> VirusTotal has multiple flags on multiple versions, a sandbox report of this shows it accessing:
>
> - C:\Users\<USER>\AppData\Roaming\Microsoft\Windows\Cookies
> - C:\Users\<USER>\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\
> - C:\Users\<USER>\AppData\Local\Microsoft\Windows\Temporary Internet Files

The program uses the Win32 API functions InternetOpenA, InternetOpenUrlA, and InternetReadFile. It doesn't explicitly access those directories, but Windows does, when those functions are called.

ErrorFlynn • Oct 17 '23 11:10

I revisited this issue to explore the possibility that there really is malware in the binaries. Who knows, maybe my system is compromised, and a devious rootkit stuffs malware in all the executables, or something. After looking at the VirusTotal pages for several releases, I looked at the current version (2.12.0), and the x64 binary has 0/67 detections, while the x86 binary has 14/73 detections. Give me a break.

ErrorFlynn • Jun 23 '24 05:06