
[Bug] All shims reported as malware

Open joaoricarte opened this issue 1 year ago • 3 comments

Bug Report

Current Behavior

All shims created after 18/04/2024 are being reported as malware, specifically HEUR.AdvML.B by Symantec Endpoint Protection. It only affects the files in the shims folder: %USERPROFILE%\scoop\shims\

Expected Behavior

Shims not being identified as malware.

Additional context/output

Symantec Endpoint Protection Version 14.3 RU8 build 10148 (14.3.10148.8000)

scoop version: 0.4.0

[Screenshot 2024-04-19 104835] [Screenshot 2024-04-19 104902]

Possible Solution

System details

Windows version: 10 (22h2)

OS architecture: 64bit

PowerShell version: 7.4.2

Additional software: Symantec Endpoint Protection version: 14.3 RU8 build 10148 (14.3.10148.8000)

scoop version: 0.4.0

Scoop Configuration

{
  "aria2-enabled": true,
  "last_update": "2024-04-19T10:26:29.6173068+01:00",
  "alias": {
    "wsa": "scoop-wsa",
    "updheld": "scoop-updheld"
  },
  "scoop_repo": "https://github.com/ScoopInstaller/Scoop",
  "scoop_branch": "master"
}

joaoricarte, Apr 19 '24 09:04

I believe it relates to #5730; the patched shim was reported as a false positive.

chawyehsu, Apr 19 '24 10:04

> I believe it relates to #5730; the patched shim was reported as a false positive.

It seems related.

joaoricarte, Apr 19 '24 10:04

Though this issue was filed earlier, that one has more input over there. So, if these issues are duplicates, then I'd suggest closing this one in favour of that one.

  • https://github.com/ScoopInstaller/Scoop/issues/5915

goyalyashpal, May 09 '24 18:05