pagerduty-cli

MS Defender exclusion

Open galitz opened this issue 3 years ago • 2 comments

Hi. A recent install of the Win x64 version of this app triggered an EDR alert:

"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C:\Users\USER\AppData\Local\pagerduty-cli"}" -FFFeatureOff

It appears to be trying to exclude itself from MS Defender. Why is that?

galitz, Nov 23 '22 18:11

Hi @galitz, I am not sure offhand; the .exe installer is generated by the oclif framework and I haven't looked into the specifics of how it makes the MSI. If in doubt, you could use npm install -g pagerduty-cli instead -- would that be ok?

martindstone, Nov 23 '22 21:11

Hi again @galitz - I found the relevant line in the oclif framework's installer generator here. We would have to open an issue against this repo (and ideally submit a PR) in order to get this addressed.

Since I am not a Microsoft Windows expert, can you help me understand the impact of this? Does it prevent you from using the installer to install the CLI if you don't want to accept this exclusion?

martindstone, Jan 03 '23 14:01
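
Added example (not part of the issue thread, and not pagerduty-cli or oclif code): a Python check that scans process command lines, such as the one in the EDR alert above, for Defender exclusions created with Add-MpPreference or Set-MpPreference, and flags excluded locations under a user profile or Windows\Temp, where files a standard user drops would no longer be scanned. The function names, the user-writable heuristic and every sample line except the first are assumptions of this example.

```python
import re

# Exclusion parameters of Add-MpPreference / Set-MpPreference covered by this example.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionProcess", "ExclusionExtension")
CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
# One value: double-quoted, single-quoted, or a bare token.
VALUE = r"(?:\"[^\"]*\"|'[^']*'|[^\s,\"'}]+)"
# A parameter followed by one value or a comma-separated list of values.
PARAM_RE = re.compile(
    r"-(Exclusion[A-Za-z]*)\s+(" + VALUE + r"(?:\s*,\s*" + VALUE + r")*)", re.IGNORECASE
)
# Heuristic (assumption of this example): locations a standard user can usually write to.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+|Windows\\Temp)(?:\\|$)", re.IGNORECASE)


def resolve_param(name):
    """Map a possibly abbreviated parameter name to its full name, or None.
    PowerShell accepts any unambiguous prefix of a parameter name."""
    hits = [p for p in EXCLUSION_PARAMS if p.lower().startswith(name.lower())]
    return hits[0] if len(hits) == 1 else None


def find_defender_exclusions(command_line):
    """Return (parameter, value, user_writable) for each exclusion a command line adds."""
    if not CMDLET_RE.search(command_line):
        return []
    findings = []
    for match in PARAM_RE.finditer(command_line):
        param = resolve_param(match.group(1))
        if param is None:
            continue
        for raw in re.findall(VALUE, match.group(2)):
            value = raw.strip("\"'")
            findings.append((param, value, bool(USER_WRITABLE_RE.search(value))))
    return findings


# First entry is the command line quoted in the issue; the others are constructed samples.
SAMPLE_COMMAND_LINES = [
    r'"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C:\Users\USER\AppData\Local\pagerduty-cli"}" -FFFeatureOff',
    r"powershell -Command Add-MpPreference -ExclusionPa 'C:\Program Files\Example', 'C:\Windows\Temp\build'",
    r'powershell -Command "Get-MpPreference | Select-Object ExclusionPath"',
]

if __name__ == "__main__":
    for line in SAMPLE_COMMAND_LINES:
        for param, value, writable in find_defender_exclusions(line):
            print(f"{param}: {value} (user-writable: {writable})")
```
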