sysinfo icon indicating copy to clipboard operation
sysinfo copied to clipboard

Published 20 hours ago verified publisher icon GuillaumeGomez

Flagged as Trojan with Windows Defender

Open LouisVallat opened this issue 1 year ago • 3 comments

Each time I add this crate and build a windows executable (release or debug), my program gets flagged as Trojan by Windows Defender.

The only way to get the executable to pass Windows Defender is to remove this crate from my program.

I can provide as much details as needed, don't hesitate to ask for more if necessary.

Have a nice day, Louis

LouisVallat avatar Jun 12 '23 12:06 LouisVallat

I have no knowledge about how Windows Defender works and what makes it consider this crate as a trojan and I honestly have no clue where to look for that...

GuillaumeGomez avatar Jun 12 '23 12:06 GuillaumeGomez

I found out that NtQuerySystemInformation (which sysinfo uses to retrieve processes) might trigger this. Not much that can be done here though...

GuillaumeGomez avatar Jul 21 '23 16:07 GuillaumeGomez

Windows Defender always treats any unknown executable as Trojan. You have two options, flag it as Safe. Defender will not do that again if there are more people doing the same; or you can sign you executable.

WalterYongtaoWang avatar Aug 06 '24 00:08 WalterYongtaoWang