Binary detected as Trojan:Win32/Skeeyah.A!MTB by Windows Defender

[pnijjar]

Windows Defender has detected the busdog_x64.exe as malware in two different ways.

On my work computer it detects it as Trojan:Win32/Skeeyah.A!mtb . It did this yesterday.

On VirusTotal it detects it as PUA:Win32/Creprote : https://www.virustotal.com/gui/file/915dd057ccb67cf6e4197b93348c3832e1c8cc49a1371790b52c2fbd7720f170/detection

My guess is that the VirusTotal detection will change once it gets new virus signatures?

Obviously this frightens me, but if it is just an artifact of your build process then my guess is other people will notice as well. Windows Defender is a pretty common antivirus given that it is built into Windows 10.

[djpnewton]

most likely someone has packaged our binary into their malware causing the false positive

[FransOv]

Be careful not to let Windows Defender remove BusDog. It screwed up the registry of my computer when I selected remove in such a way that none of the usb devices worked anymore. I had to use remote desktop to log in and roll back the registry to get my system working again.

[CorvoApp]

This has not been patched yet, still messing up the windows registry if Windows Defender remove the driver itself. Luckily my computer was a laptop and was able to still use the laptop keyboard (as other USB devices stopped working along with the laptop touchpad???) to remove the driver software manually (add/remove programs -> busdog driver). Also another very annoying side effect: laptop fans started spinning at max speed, tried rebooting but did not solve it, only a power off did solve the issue. Probably rebooting still keeps some drivers software running.

[kustusch]

Same here, Windows Defender detects "PUA:Win32/Creprote"