wakatime-cli icon indicating copy to clipboard operation
wakatime-cli copied to clipboard

Published 20 hours ago verified publisher icon wakatime

Sign Windows binary with digital signature

Open IzStriker opened this issue 2 years ago • 10 comments
trafficstars

I used to use WakaTime at work to track my programming time, however, the CLI tool kept getting flagged by security because it isn't signed. I would like to keep using the WakaTime service is it possible to sign the your CLI tool?

IzStriker avatar Jan 23 '23 19:01 IzStriker

What OS are you using? Would you share the report you got?

gandarez avatar Jan 23 '23 19:01 gandarez

Must be Windows.

Automatic Code-signing on Windows using GitHub Actions

alanhamlett avatar Jan 23 '23 21:01 alanhamlett

Hi, yes it's Windows 11. I'll get you the full details when I'm at work tomorrow.

IzStriker avatar Jan 23 '23 21:01 IzStriker

Hi, the exact reports I got from security were

hope you're well. We received an alert this morning that an unsigned software communicating externally to an api for a program called Wakatime. Is this regular behaviour for your device?

I'd expect that there may be other tools that could track this type of performance with the dev team, might be worth finding out if there is such a tool being used as our stance on unsigned Github software may change in the future.

Hi we have had an alert from your machine that "wakatime-cli-windows-amd64.exe" has been making connections to api.wakatime.com any idea what this is.  Many Thanks

IzStriker avatar Jan 24 '23 08:01 IzStriker

Hi, is there a verdict on this request, are you willing you support this feature?

IzStriker avatar Feb 09 '23 16:02 IzStriker

Yes, we're working on getting a cert for signing Windows builds.

alanhamlett avatar Feb 09 '23 16:02 alanhamlett

Hi all, I'd like to contribute to this issue as well. I'm on Win10 and AVG blocks wakatime-cli-windows-amd64.exe from running (stating "IDP.ARES.Generic") though does not detect when scanned, but here's the report from VT: https://www.virustotal.com/gui/file/f2d3bd662aaaa79abd5939cd5b20f0bfe982a6c97582762bc8e9de3d6d867bac (For the record, my other scanners: Immunet does not detect, nor does SpybotS&D, nor does Malwarebytes. EDIT: clarification)

I'm curious as to why some providers consider the file malicious. Any comments from the devs?

smladenoff avatar Feb 08 '24 15:02 smladenoff

Adding update here - Previous comment states MalwareBytes does not detect this, however one machine I manage uses MalwareBytes and saw this flagged for the first time beginning 5 hours ago and again in the last 15 minutes.

I can confirm that it was wakatime-cli-windows-amd64.exe and the backup which were flagged. The device running it was operating W11 Pro. The timing coincides with this change by @alanhamlett .

AlfredSimpson avatar Jul 24 '24 12:07 AlfredSimpson

Probably not related to that change, but the fact that 1 hr ago we did a release so the binary signature changed. Usually once the AV programs all see the new binary signature and start trusting it the false positives go away, but the first day of a release it's more likely to get flagged.

alanhamlett avatar Jul 24 '24 12:07 alanhamlett

That tracks - thanks for the update and great product! I cited that change as the timing matched with the first alert. Likely the second matched as well for the same reason.

AlfredSimpson avatar Jul 24 '24 13:07 AlfredSimpson