windows defender remove D:\Support\Scoop\apps\flow-launcher\current\app-1.13.0\UserData\Plugins\Steam Search-8.1.0\run.exe about steam-search HOT 10 CLOSED

Good news! I just got a report back from MS and they cleared the executable.

I'll share a screen shot when I'm back at my computer.

from steam-search.

Same here, updated the plugin and Windows Defender detected run.exe as the treat Trojan:Win32/Wacatac.H!ml.

Report from VirusTotal for Steam Search-8.1.0.zip:

https://www.virustotal.com/gui/file/390b4e7716592ac4e433601dc6252878f2bbcb2b777d1704729da8a0a79bf64b?nocache=1

from steam-search.

Sorry I can only assume the executable being named: "run.exe" is some how triggering a false positive with windows defender.

I'll have test version with a name change to see if this helps.

EDIT: This is not the case. Its how the plugin is being compiled and is not signed with a certificate.

from steam-search.

Sadly it looks like a common issue: https://plainenglish.io/blog/pyinstaller-exe-false-positive-trojan-virus-resolved-b33842bd3184

@scharmach What version did you update from?

from steam-search.

@Garulf I don't really remember and since I couldn't find anything in the logs, I had a look at the creation date of the Steam Search folder here: %AppData%\FlowLauncher\Settings\Plugins. There it says that the folder was created on September 9, 2022.

Comparing this with the releases, I must still have been on version 5.0.0, which was released on September 8, 2022.

Since the plugin updates only appear at the bottom of the Plugin Store and you are not notified about them, I only noticed that updates were available at all when I updated Flow Launcher to 1.14.0. Therefore, my version was already quite old ...

from steam-search.

@scharmach Does the Minecraft Multi Launcher plugin also trigger Windows defender? If so I could adjust this plugin to use a similar method to avoid false positive detection.

from steam-search.

@Garulf I don't have the Minecraft Multi Launcher plugin installed and I'm not sure if I want to test this. Sure, this might only be a false positive, but I would prefer not to trigger Windows Defender eventually again on my system.

from steam-search.

@Garulf I don't have the Minecraft Multi Launcher plugin installed and I'm not sure if I want to test this. Sure, this might only be a false positive, but I would prefer not to trigger Windows Defender eventually again on my system.

I see, no problem. Sadly nothing is triggered on my end.

In the mean time I have sent the file to Microsoft to see if anything can be done on their end.

You’re more then welcome to send the file on your end as well (or not) via: https://www.microsoft.com/en-us/wdsi/filesubmission/

from steam-search.

If you are still having issues you can follow the analyst's recommendation:

...If the detection is still observed, follow the steps below to capture support log files from the system reporting detection.

From an elevated command prompt, change to directory "%programfiles%\windows defender" and execute mpcmdrun.exe with option GetFiles:
cd "%programfiles%\windows defender"
mpcmdrun.exe -GetFiles

All created log files will be compressed into MPSupportFiles.cab. Please send us the detected file and MPSupportFiles.cab using https://aka.ms/wdsi. We will continue the investigation once we receive the support log files.

Thank you for contacting Microsoft.

from steam-search.

Just checking in one last time, even if this is already closed, @Garulf.

I felt confident to reinstall the plugin now, but ran the files through VirusTotal again beforehand. Interestingly enough it's not triggering Windows Defender anymore, not on VirusTotal and then not on my system either. Must have been wrongly detected for only a couple of days by Microsoft then.

Thanks for your support on this and also, for making these plugins in the first place!

from steam-search.