www.digitalmars.com         C & C++   DMDScript  

digitalmars.D - dlang compiled app reported as trojan

reply Andrea Fontana <nospam example.org> writes:
Several users have reported that my app binaries are being 
reported as trojans by Windows Defender. They are compiled from a 
github action using ldc-latest.

I see this problem has appeared in the past, is there any 
solution/workaround/patch?

The reported trojan by user is the same reported in this issue:
https://issues.dlang.org/show_bug.cgi?id=20403

But uploading exe to Microsoft Security Intelligence, they say my 
exe is infected by
Trojan:Script/Sabsik.FL.A!ml


Obviously this scared the users a lot.


Andrea
Oct 08 2023
next sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
Those malware detectors often flag non-Microsoft runtime library code as 
malware. What it takes to fix it is to contact the people who write the
detectors.
Oct 08 2023
parent bachmeier <no spam.net> writes:
On Sunday, 8 October 2023 at 18:59:01 UTC, Walter Bright wrote:

 Those malware detectors often flag non-Microsoft runtime 
 library code as malware. What it takes to fix it is to contact 
 the people who write the detectors.


They wouldn't even have to fix it. A starting point would be to 
give an honest error message like "Microsoft Defender has 
detected that this is potentially malicious software. If you 
don't trust the source, you should cancel the installation." 
Their message gives the impression that they've confirmed it to 
be malware even though they haven't. Given Microsoft's culture, 
it shouldn't be surprising they operate like that.
Oct 08 2023
prev sibling next sibling parent Guillaume Piolat <first.name gmail.com> writes:
On Sunday, 8 October 2023 at 15:50:36 UTC, Andrea Fontana wrote:

 But uploading exe to Microsoft Security Intelligence, they say 
 my exe is infected by
 Trojan:Script/Sabsik.FL.A!ml


 Obviously this scared the users a lot.



You need to submit your binaries and complain that not all D 
software is malware. The more we do it, the more we win 
collectively. I do this any time a user mention an AV false 
positive for me. Every AV vendor has an email to send binaries as 
false positive.
Oct 09 2023
prev sibling parent reply ryuukk_ <ryuukk.dev gmail.com> writes:
On Sunday, 8 October 2023 at 15:50:36 UTC, Andrea Fontana wrote:

 Several users have reported that my app binaries are being 
 reported as trojans by Windows Defender. They are compiled from 
 a github action using ldc-latest.

 I see this problem has appeared in the past, is there any 
 solution/workaround/patch?

 The reported trojan by user is the same reported in this issue:
 https://issues.dlang.org/show_bug.cgi?id=20403

 But uploading exe to Microsoft Security Intelligence, they say 
 my exe is infected by
 Trojan:Script/Sabsik.FL.A!ml


 Obviously this scared the users a lot.


 Andrea


You need to submit the file here: 
https://www.microsoft.com/en-us/wdsi/filesubmission/

Tell them the stack you are using, it usually rake less than 24h 
to get a response back
Oct 09 2023
parent reply Andrea Fontana <nospam example.org> writes:
On Monday, 9 October 2023 at 22:02:54 UTC, ryuukk_ wrote:

 You need to submit the file here: 
 https://www.microsoft.com/en-us/wdsi/filesubmission/

 Tell them the stack you are using, it usually rake less than 
 24h to get a response back


I filled that form two days ago, still no replies :)
Oct 09 2023
parent Andrea Fontana <nospam example.org> writes:
On Tuesday, 10 October 2023 at 06:13:23 UTC, Andrea Fontana wrote:

 On Monday, 9 October 2023 at 22:02:54 UTC, ryuukk_ wrote:

 You need to submit the file here: 
 https://www.microsoft.com/en-us/wdsi/filesubmission/

 Tell them the stack you are using, it usually rake less than 
 24h to get a response back


 I filled that form two days ago, still no replies :)


I have some news.

It seems this make windows stop complaining about malware.
https://forum.dlang.org/post/xgzxmavnancrhchueifo forum.dlang.org

So what's wrong with libcurl.dll?

Andrea
Oct 12 2023