Detected as Virus/Trojan by Microsoft Defender when installed from VS code #3182
I've updated the MSAV, and the problem remains. Does this file present a real threat or is it a false positive?
This is a false positive. This is https://github.com/golang/vscode-go/blob/master/vscgo/main.go
Question for Windows users: An alternative I am thinking is to package a precompiled binary with the extension, instead of letting the extension install the binary using
Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.405.308.0) fixes this issue, so it really looks like a false positive. From the beginning I thought it was more likely an M$ problem. Anyway it would be nice if the golang developer team and M$ both collaborated to avoid false positives without compromising the security of the system.
@hyangah, thanks for the quick response. I think everyone here was suspecting a false positive, but we needed someone to check and confirm :)
Not sure either - most likely the presence/use of the binary is the trigger, not the way it was delivered...
This will help lower the chances of a false positive. MS Defender doesn't like applications that install software without user interaction.
This, coupled with signing the binary with a code signing certificate, would be the best bet: most anti-malware solutions attach reputation to both the file hash (which will vary by release) and the certificate used to sign it (which will vary much more rarely), so code signing any PEs is a really good way of avoiding reputation-based false positives. (Sadly it does come with a financial cost for the certificate, though - there's no equivalent of Let's Encrypt for code signing certs - yet!)
Change https://go.dev/cl/565679 mentions this issue:
Change https://go.dev/cl/565680 mentions this issue:
And, pass `-trimpath` when building it so the executable file hash is stable.
And increase the vscgo test timeout.

Fixes #3182

Change-Id: Ib86bf07ddc4a89849bb778b2621268b334f3a80a
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/565679
Reviewed-by: Peter Weinberger <[email protected]>
kokoro-CI: kokoro <[email protected]>
Commit-Queue: Hyang-Ah Hana Kim <[email protected]>
Reviewed-by: Robert Findley <[email protected]>
(cherry picked from commit 0b3fabc)
Reviewed-on: https://go-review.googlesource.com/c/vscode-go/+/565680
Auto-Submit: Hyang-Ah Hana Kim <[email protected]>
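The `-trimpath` point in the commit message above ties back to the hash-reputation comment: without the flag a Go binary embeds the absolute build directory, so every locally built copy gets its own hash. The Go program below is an added example, not part of the original thread or the vscode-go code; it builds a constructed stand-in module (`example.com/demo`, a hypothetical name) from two different temp directories and compares SHA-256 digests, assuming the `go` command is on `PATH`.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
)

// Constructed one-file module; it stands in for vscgo, whose source is not reproduced here.
var demoFiles = map[string]string{
	"go.mod":  "module example.com/demo\n\ngo 1.20\n",
	"main.go": "package main\n\nfunc main() { println(\"hello\") }\n",
}

// buildHash builds the module in a fresh temp dir (new absolute path per call) and returns the SHA-256.
func buildHash(extraFlags ...string) (string, error) {
	dir, err := os.MkdirTemp("", "trimpath-demo-")
	if err != nil {
		return "", err
	}
	defer os.RemoveAll(dir)
	for name, body := range demoFiles {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o644); err != nil {
			return "", err
		}
	}
	out := filepath.Join(dir, "demo.bin")
	cmd := exec.Command("go", append([]string{"build", "-buildvcs=false", "-o", out}, extraFlags...)...)
	cmd.Dir = dir
	cmd.Env = append(os.Environ(), "GOFLAGS=") // ignore build flags inherited from the caller
	if msg, err := cmd.CombinedOutput(); err != nil {
		return "", fmt.Errorf("go build: %v: %s", err, msg)
	}
	bin, err := os.ReadFile(out)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%x", sha256.Sum256(bin)), nil
}

func main() {
	for _, flags := range [][]string{nil, {"-trimpath"}} {
		a, errA := buildHash(flags...)
		b, errB := buildHash(flags...)
		fmt.Printf("flags=%v identical=%v (errors: %v, %v)\n", flags, errA == nil && errB == nil && a == b, errA, errB)
	}
}
```

Identical digests hold only for the same Go toolchain version, target OS/architecture and build flags; a different compiler release still produces a different file.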
We are going to release v0.41.1 tomorrow. The version disables
Release candidate - https://github.com/golang/vscode-go/releases/tag/v0.41.1-rc.1
#3186 is the issue to revise the release workflow and reenable vscgo.
Extension installed from VS Code downloaded from official site (https://code.visualstudio.com/)
*:\Users***.vscode\extensions\golang.go-0.41.0\bin\vscgo.exe (MD5 c93025a0a7a7ac3db48a0333af22fd0e)
Detected: Trojan:Win32/Wacatac.B!ml
Cool.