lazygit icon indicating copy to clipboard operation
lazygit copied to clipboard
verified publisher icon jesseduffield

LazyGit is flagged as malware by Windows Security

Open hug0b opened this issue 2 years ago • 2 comments

Describe the bug Windows 10 flags lazygit 0.38.1 as malware

Trojan:Win32/Bearfoos.B!ml This program is dangerous and executes commands from an attacker. file: C:\Program Files\Lazygit\lazygit.exe

To Reproduce Install and execute lazygit 0.38.1 on Windows 10

Expected behavior Windows should not flag this program as a malware if the program isn't malicious.

Version info: lazygit 0.38.1 git version 2.38.1.windows.1

Additional context Reverting to version 0.37 seems to remove the security warning

hug0b avatar May 03 '23 11:05 hug0b

Continuing the investigation

VirusTotal reports

0.37 Windows_x86_64 - 0/69 detections 0.38 Windows_x86_64 - 0/69 detections 0.38.1 Windows_x86_64 - 1/69 detections MaxSecure: Trojan.Malware.300983.susgen

0.38.1 Source Code zip - 0/59 0.38.2 Windows_x86_64 - 1/69 detections MaxSecure: Trojan.Malware.300983.susgen

0.38.2 Windows_32-bit - 1/70 detections SecureAge - Malicious

0.38.2 Linux_x86_64 - 0/61 detections

Bitdefender does not seem to flag any version as a malware.

hug0b avatar May 04 '23 10:05 hug0b

I have no idea why it's been caught or what to do to rectify this. Does anybody have experience with Windows Security's false positives?

jesseduffield avatar May 06 '23 03:05 jesseduffield

See https://superuser.com/questions/1416678/my-own-backup-program-was-detected-as-win32-bearfoos-aml-virus It might help submitting to Microsoft

Neko-Box-Coder avatar May 13 '23 23:05 Neko-Box-Coder

Closing since it seems I don't have this warning anymore

hug0b avatar Jul 21 '23 08:07 hug0b