Windows Defender detects images/win/scripts/Installers/Configure-Antivirus.ps1 as Trojan:Win32/BatTamper.A

[voltagex]

Description

I have reported a false positive via the public portal (https://www.microsoft.com/en-us/wdsi/filesubmission/) but maybe someone at Microsoft can get this fixed sooner. I realise this isn't a great bug report and is not technically related to the runner images.

Submission ID: 17ec65f6-90b3-48f6-ad71-5404dce39daa

Platforms affected

• Azure DevOps
• GitHub Actions - Standard Runners
• GitHub Actions - Larger Runners

Runner images affected

• Ubuntu 20.04
• Ubuntu 22.04
• macOS 11
• macOS 12
• macOS 13
• Windows Server 2019
• Windows Server 2022

Image version and build link

Is it regression?

Expected behavior

Windows Defender does not repeatedly spam me with notifications about a "severe" problem

Actual behavior

Windows Defender repeatedly spams me with notifications about a "severe" problem

Repro steps

Grab a copy of the repo on a Windows 11 box with up to date definitions (1.399.1075.0) and run a scan.

[voltagex]

🤣
https://www.microsoft.com/en-us/wdsi/submission/17ec65f6-90b3-48f6-ad71-5404dce39daa

We have determined that the files meet our criteria for malware. At this time the detection will remain in place.
More detailed information about the approach and criteria categories currently used by the Microsoft researchers are available
here:
https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria
Thank you for contacting Microsoft.

[ilia-shipitsin]

let's see what we can do

[ilia-shipitsin]

maybe "disabling defender" is considered as a malware activity

[ilia-shipitsin]

I've submitted sample

[ilia-shipitsin]

during submission file has been examined, no threat found

let's wait for final decision

[ilia-shipitsin]

detection was removed from database, I'm closing the issue