
Release v4.5.2 ferium-windows-msvc detected as Trojan:Win32/AgentTesla!ml

Open ST-DDT opened this issue 11 months ago • 1 comments

Description

Windows Defender detects the latest version as Trojan:Win32/AgentTesla!ml (malware/virus)

Steps to reproduce

  • Download file on Windows
  • Try to unzip it
  • Malware scanner raises alarm

Operating System

Windows

Are you using the latest version of ferium?

  • [X] I am using the latest version of ferium

Additional Information

v4.5.1 is reportedly clean/not affected

ST-DDT avatar Feb 24 '24 09:02 ST-DDT

I have submitted this as a false positive to Microsoft. I would urge anyone encountering this to also flag this as a false positive in their antivirus program.

The detection is made by AI (as indicated by the !ml flag at the end of the detection ID) and is prone to false positives, particularly for Rust programs in my experience.

theRookieCoder avatar Feb 24 '24 09:02 theRookieCoder

I believe ferium has been whitelisted by Defender.

theRookieCoder avatar Mar 14 '24 13:03 theRookieCoder

FYI: 4.6.0 gets reported as Trojan:Win32/Phonzy.B!ml again - https://github.com/gorilla-devs/ferium/releases/download/v4.6.0/ferium-windows-msvc.zip

ST-DDT avatar Jun 10 '24 21:06 ST-DDT

Yes, I noticed that in the winget package update, but it seems it didn't trigger in the second run? I've read about a lot of Rust programs being falsely flagged by Defender. I think maybe because of winget package updates, the Defender team does whitelist the file pretty soon.

theRookieCoder avatar Jun 11 '24 07:06 theRookieCoder

4.7.0 got flagged as well - https://github.com/microsoft/winget-pkgs/pull/157719

ST-DDT avatar Jun 13 '24 17:06 ST-DDT