Thread overview
dlang compiled app reported as trojan
Oct 08, 2023
Andrea Fontana
Oct 08, 2023
Walter Bright
Oct 08, 2023
bachmeier
Oct 09, 2023
Guillaume Piolat
Oct 09, 2023
ryuukk_
Oct 10, 2023
Andrea Fontana
Oct 12, 2023
Andrea Fontana
October 08, 2023

Several users have reported that my app binaries are being reported as trojans by Windows Defender. They are compiled from a github action using ldc-latest.

I see this problem has appeared in the past, is there any solution/workaround/patch?

The reported trojan by user is the same reported in this issue:
https://issues.dlang.org/show_bug.cgi?id=20403

But uploading exe to Microsoft Security Intelligence, they say my exe is infected by
Trojan:Script/Sabsik.FL.A!ml

Obviously this scared the users a lot.

Andrea

October 08, 2023
Those malware detectors often flag non-Microsoft runtime library code as malware. What it takes to fix it is to contact the people who write the detectors.
October 08, 2023
On Sunday, 8 October 2023 at 18:59:01 UTC, Walter Bright wrote:
> Those malware detectors often flag non-Microsoft runtime library code as malware. What it takes to fix it is to contact the people who write the detectors.

They wouldn't even have to fix it. A starting point would be to give an honest error message like "Microsoft Defender has detected that this is potentially malicious software. If you don't trust the source, you should cancel the installation." Their message gives the impression that they've confirmed it to be malware even though they haven't. Given Microsoft's culture, it shouldn't be surprising they operate like that.
October 09, 2023

On Sunday, 8 October 2023 at 15:50:36 UTC, Andrea Fontana wrote:
> But uploading exe to Microsoft Security Intelligence, they say my exe is infected by
> Trojan:Script/Sabsik.FL.A!ml
>
> Obviously this scared the users a lot.

You need to submit your binaries and complain that not all D software is malware. The more we do it, the more we win collectively. I do this any time a user mentions an AV false positive for me. Every AV vendor has an email to send binaries as false positive.

October 09, 2023

On Sunday, 8 October 2023 at 15:50:36 UTC, Andrea Fontana wrote:
> Several users have reported that my app binaries are being reported as trojans by Windows Defender. They are compiled from a github action using ldc-latest.
>
> I see this problem has appeared in the past, is there any solution/workaround/patch?
>
> The reported trojan by user is the same reported in this issue:
> https://issues.dlang.org/show_bug.cgi?id=20403
>
> But uploading exe to Microsoft Security Intelligence, they say my exe is infected by
> Trojan:Script/Sabsik.FL.A!ml
>
> Obviously this scared the users a lot.
>
> Andrea

You need to submit the file here: https://www.microsoft.com/en-us/wdsi/filesubmission/

Tell them the stack you are using, it usually takes less than 24h to get a response back

October 10, 2023

On Monday, 9 October 2023 at 22:02:54 UTC, ryuukk_ wrote:
> You need to submit the file here: https://www.microsoft.com/en-us/wdsi/filesubmission/
>
> Tell them the stack you are using, it usually takes less than 24h to get a response back

I filled that form two days ago, still no replies :)

October 12, 2023

On Tuesday, 10 October 2023 at 06:13:23 UTC, Andrea Fontana wrote:
> On Monday, 9 October 2023 at 22:02:54 UTC, ryuukk_ wrote:
>> You need to submit the file here: https://www.microsoft.com/en-us/wdsi/filesubmission/
>>
>> Tell them the stack you are using, it usually takes less than 24h to get a response back
>
> I filled that form two days ago, still no replies :)

I have some news.

It seems this makes Windows stop complaining about malware.
https://forum.dlang.org/post/xgzxmavnancrhchueifo@forum.dlang.org

So what's wrong with libcurl.dll?

Andrea