npiperelay

Windows Defender marks exe file as virus

Open pszypowicz opened this issue 5 years ago • 5 comments

Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection

pszypowicz avatar Sep 23 '20 10:09 pszypowicz

I submitted this to the Defender team as a false positive and it has been removed:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
 2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
 3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

stuartleeks avatar Sep 27 '20 05:09 stuartleeks
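
An added example, not part of the original comment or the npiperelay project: a PowerShell script that runs the cache-clearing steps quoted above and then rescans the one file to confirm the detection is gone. The `-FilePath` parameter is an assumption; point it at your local copy of the binary.

```powershell
#Requires -RunAsAdministrator
# Added example. -FilePath is an assumed parameter: the local copy of the flagged binary.
param(
    [Parameter(Mandatory)]
    [string]$FilePath
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $mpCmdRun)) {
    throw "MpCmdRun.exe not found at $mpCmdRun"
}

# Fails here if the file has already been quarantined or removed.
$target = (Resolve-Path -LiteralPath $FilePath).Path

# Print the SHA-256 so it can be compared with the hash in the VirusTotal report URL.
$hash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash.ToLower()
Write-Host "SHA-256 of ${target}: $hash"

# Steps 2 and 3 from the quoted reply: drop cached dynamic signatures, then update.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Clearing dynamic signatures returned exit code $LASTEXITCODE"
}
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Signature update returned exit code $LASTEXITCODE"
}

# Show which definition version is loaded after the update.
$status = Get-MpComputerStatus
Write-Host "Antivirus signature version: $($status.AntivirusSignatureVersion)"

# Custom scan (ScanType 3) of the single file. -DisableRemediation reports
# the result without quarantining, so a remaining detection leaves the file in place.
& $mpCmdRun -Scan -ScanType 3 -File $target -DisableRemediation
switch ($LASTEXITCODE) {
    0       { Write-Host 'No detection with the current definitions.' }
    2       { Write-Warning 'Still detected (or the scan failed); see the MpCmdRun output above.' }
    default { Write-Warning "Scan returned exit code $LASTEXITCODE" }
}
```

If real-time protection blocks reads of the file, the hash step fails before any definitions are touched.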

And it worked. Defender no longer removes it. Thanks!

pszypowicz avatar Sep 27 '20 09:09 pszypowicz

Glad it worked - thanks for confirming 😃

stuartleeks avatar Sep 27 '20 10:09 stuartleeks

This is back, see https://www.virustotal.com/gui/file/4e3c8793543b96738e041946ee73118669aaaba20d2fd8310ebf5ffbb6d15928/detection - Windows 11 is now removing this file :-/

anaisbetts avatar Jul 11 '21 09:07 anaisbetts

Yeah......I kinda get why Windows Defender keeps flagging this file, Go loads all APIs dynamically via LoadLibrary / GetProcAddress, from a debugger perspective it looks suuuuuuper shady

anaisbetts avatar Jul 11 '21 10:07 anaisbetts