If you do an AOT build on Windows using .NET 9, create an EXE, and put it in a ZIP file, Windows Defender thinks the ZIP file contains a trojan: github.com/dotnet/runti... /cc @scott.hanselman.com and @blowdart.me, who might know which bits of Microsoft to bash together to get this looked into... - ThreadSky

dylanbeatt.ie • 81 days ago

If you do an AOT build on Windows using .NET 9, create an EXE, and put it in a ZIP file, Windows Defender thinks the ZIP file contains a trojan:

https://github.com/dotnet/runtime/issues/110541

/cc @scott.hanselman.com and @blowdart.me, who might know which bits of Microsoft to bash together to get this looked into...

Comments

andrewlock.bsky.social•81 days ago

cc @kevingosse.net this could explain a lot🙈

energy164.online•80 days ago

Every AoT compile on my system: 🐌

blowdart.me•81 days ago

Every time with different binaries?

dylanbeatt.ie•81 days ago

Verified with HelloWorld.exe (dotnet new console) on my Windows 10 machine, and all the Rockstar binary releases created on GitHub Actions since I upgraded the build to .NET 9 yesterday. So… yeah, looks like it.

blowdart.me•81 days ago

LOL. This'll be nice Christmas present. Asking around.

blowdart.me•81 days ago

I have been referred to someone called “The Beard”

Not even kidding.

migeel.sk•80 days ago

Last time I tried to get the Defender team interested in native AOT false positives, the email thread got a couple of +ThisPerson, +ThatPerson replies to dilute responsibility and then just crickets. None of them were The Beard, so fingers crossed. Hopefully The Beard is not busy with xmas presents

dylanbeatt.ie•80 days ago

Perhaps we should club together to get The Beard some nice beard oil as a little pre-emptive thank you for fixing it.

vm-vivisector.bsky.social•81 days ago

The Beard is the best.

buttes.dev•81 days ago

Pretty sure I have seen this at work with older .NET AOT builds... I think it was .NET 8 and either Crowdstrike or Windows Defender flagged it. It wasn't an issue at the time so I just ignored it and moved on, assuming it would be fixed at some point...

buttes.dev•81 days ago

Although that may have just been running it, not loading it into a zip file...

vm-vivisector.bsky.social•80 days ago

Please submit to https://www.microsoft.com/en-us/wdsi/filesubmission samples of files that are being improperly detected. Please send me the submission IDs of the files you send and I will see that they are directed to the right people.

vm-vivisector.bsky.social•80 days ago

@dylanbeatt.ie I have already uploaded files from your rockstar releases repository for our testing.

Comments

Posting Rules

Reply