
Sign Windows Binaries (False positive Malware)

Open Makazzz opened this issue 5 years ago • 9 comments

Each time I open VSCodium ia32 in portable mode on Windows 10 x64 with Bitdefender, it says Atc4.detection or Malware detected and blocks it.

- [✓] This bug doesn't happen if I use Microsoft's Visual Studio Code. It only happens in VSCodium.

- [✓] I checked the Docs page and my issue is not mentioned there.

To Reproduce

Steps to reproduce the behavior:

  1. Go to the root folder of the app
  2. Open VSCodium.exe ia32 version
  3. Wait to see the warning with Bitdefender stop the app and block it

falsepositive

  • OS: Windows 10
  • Architecture: x64
  • Version: 1.34.0

Makazzz avatar May 25 '19 23:05 Makazzz

Probably because this tries to upload telemetry to 0.0.0.0 and the Microsoft URLs are allowed in the anti-malware software.

JL2210 avatar May 26 '19 20:05 JL2210

Probably because this tries to upload telemetry to 0.0.0.0 and the Microsoft URLs are allowed in the anti-malware software.

But why is it doing that only in the ia32 version? I have no problem with the x64. My settings.json is this:

```jsonc
{
  "telemetry.enableTelemetry": false,
  "telemetry.enableCrashReporter": false,
  "update.channel": "none",
  "update.mode": "manual",
  "update.enableWindowsBackgroundUpdates": false,
  "update.showReleaseNotes": false,
  "workbench.enableExperiments": false,
  "workbench.settings.enableNaturalLanguageSearch": false,
  "extensions.autoUpdate": false,
  "git.ignoreMissingGitWarning": true,
}
```

Makazzz avatar May 26 '19 20:05 Makazzz

Microsoft force enables telemetry anyway. I'd blame it on Windows.

JL2210 avatar May 26 '19 20:05 JL2210

Pretty weird situation @Makazzz -- I will try to reproduce it on my Windows machine and figure out what exactly it is reacting to. Thanks for reporting!!

stripedpajamas avatar May 26 '19 20:05 stripedpajamas

Is the Windows binary codesigned? Distributing Windows binaries without a (preferably EV) certificate is a world of hurt, as everything flags it as malware. And even with a certificate there are still often heaps of false positives.

knopp avatar May 28 '19 07:05 knopp

The Windows binary is not being codesigned at this time. I should prioritize that if it would help with malware false positives.

stripedpajamas avatar May 28 '19 15:05 stripedpajamas

Information: I can't test this problem anymore because I uninstalled Bitdefender.

Makazzz avatar Oct 29 '19 14:10 Makazzz

@stripedpajamas wrote:

The Windows binary is not being codesigned at this time. I should prioritize that if it would help with malware false positives.

It definitely would. Ideally both the executable and the installer exe+msi would use the same code sign

GitMensch avatar Oct 12 '20 09:10 GitMensch

Just adding the reference: #527 (already closed, but found first in my search).

GitMensch avatar Sep 10 '21 09:09 GitMensch

@daiyam Closed, so the installer and executables are now signed?

GitMensch avatar Sep 27 '22 16:09 GitMensch

no, I've closed it because of "False positive Malware"

daiyam avatar Sep 27 '22 17:09 daiyam

Then the "old" issue of signing the codium executable and the installer (however this may work) is still open; I'd suggest keeping track of code signing certificate issues here.

GitMensch avatar Sep 27 '22 18:09 GitMensch

reopening it to keep track of code-signing here.

GitMensch avatar Feb 27 '23 11:02 GitMensch