Windows Defender marks exe file as virus

[pszypowicz]

Also the virustotal output: https://www.virustotal.com/gui/file/ff41951c3f519138bb0e61038d7155c6c38194d4d8a3304f46c67c4572ee8bec/detection

[stuartleeks]

I submitted this to the Defender team as a false positive and it has been removed:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 
 2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
 3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

[pszypowicz]

And it worked. Defender no longer removes it.
Thanks!

[stuartleeks]

Glad it worked - thanks for confirming 😃

[anaisbetts]

This is back, see https://www.virustotal.com/gui/file/4e3c8793543b96738e041946ee73118669aaaba20d2fd8310ebf5ffbb6d15928/detection - Windows 11 is now removing this file :-/

[anaisbetts]

Yeah......I kinda get why Windows Defender keeps flagging this file, Go loads all APIs dynamically via LoadLibrary / GetProcAddress, from a debugger perspective it looks suuuuuuper shady