Issue: gsudo exits suddenly with BitDefender Antivirus #87

Closed
fgimian opened this issue May 26, 2021 · 6 comments

fgimian commented May 26, 2021

Issue Description

Hey there, firstly thank you so much for making gsudo!

Unfortunately, running gsudo from PowerShell (I'm on PowerShell 7) triggers a prompt with Bitwarden Antivirus.

e.g. I'm simply running

gsudo dir

And here's the error:

[screenshot]

[screenshot]

I have attempted to exclude the pwsh.exe binary and even the entire scoop directory from Bitwarden but sadly the issue persists.

Steps to Reproduce

  1. Install gsudo via scoop
  2. Run gsudo dir in a PowerShell 7 window

Screenshots

See above

Context:

  • Windows version: 21H1 (OS Build 19043.985)
  • gsudo version: 0.7.3
  • Bitwarden Antivirus Free: 1.0.2.21.234 (engine version 7.88949)

Thanks in advance!
Fotis

Contributor

rfay commented Jun 23, 2021

Note that gsudo is no longer passing the virus checks in chocolatey either, see https://community.chocolatey.org/packages/gsudo

This will prevent availability of the next release via choco, because they don't let you upgrade (by default) to something that's not passing virustotal.

I know... because ddev's windows is failing because of gsudo :( https://community.chocolatey.org/packages/ddev

@gerardog
Owner

What needs to be done is to manually submit gsudo.exe to each antivirus website that is flagging it as a virus.
I've just submitted gsudo.exe to bitdefender via: https://www.bitdefender.com/consumer/support/answer/29358/
I've retried the virustotal test and found out that SecureAge APEX no longer flags it. :) but now Jiangmin does :(
After googling for Jiangmin: emailed them at support@jiangmin.com, now we have to wait.

Don't hesitate to submit gsudo as a false positive in any AV website.

Contributor

rfay commented Jun 25, 2021

Yeah, the problem is that virustotal (ALL OF THEM) blocks use with chocolatey.

From ddev/ddev#3066 (comment) :

Check this one, section 4 lists all vendors with the email addresses to send false positives to https://www.techsupportalert.com/content/how-report-malware-or-false-positives-multiple-antivirus-vendors.htm
Looks like this is currently the only option we have 😞

Since nssm and winnfsd have the same problem, I assume that these few executables, while clearly not viruses, are being used by malware.

Contributor

rfay commented Jul 2, 2021

Oh, good news from the Chocolatey channel on gitter, https://gitter.im/chocolatey/choco?at=60df8e1c8a40b117283efb49 -

It does not block automatic approval if there are between one and four detections. So, if a new version of a trusted package is not approved, it is five or more detections, not just one.

gsudo 0.7.3 had 3 detections. (Its approval was grandfathered in because they weren't doing all those scans back in the day though). So if the next version of gsudo is still below 5 it should be approved anyway. Unfortunately, we see more aggressive (unknown vendor) virus checking results all the time.
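
As an added example (not part of the thread, and not gsudo or Chocolatey code): a Python helper that reads a VirusTotal API v3 file report, lists the engines to send false-positive reports to, and applies the approval threshold quoted in the comment above. The sample report is constructed, and treating both "malicious" and "suspicious" verdicts as detections is an assumption of this example.

```python
import json

# Threshold quoted in the thread: one to four detections do not block
# automatic approval, five or more do.
BLOCKING_DETECTIONS = 5

# Assumption of this example: verdict categories that count as a detection.
DETECTION_CATEGORIES = {"malicious", "suspicious"}
# Engines in these categories produced no verdict and must not be read as clean.
NO_VERDICT_CATEGORIES = {"timeout", "confirmed-timeout", "failure", "type-unsupported"}

# Constructed sample in the shape of a VirusTotal API v3 file report.
# Engine verdicts and result strings are made up for illustration.
SAMPLE_REPORT = json.dumps({
    "data": {"attributes": {
        "sha256": "<sha256-of-gsudo.exe>",  # placeholder, not a real hash
        "last_analysis_results": {
            "Jiangmin": {"category": "malicious", "result": "Constructed.Label.A"},
            "Cylance": {"category": "malicious", "result": "Unsafe"},
            "SecureAge APEX": {"category": "undetected", "result": None},
            "BitDefender": {"category": "undetected", "result": None},
            "ExampleAV": {"category": "timeout", "result": None},  # hypothetical engine
        },
    }}
})


def triage(report_json, threshold=BLOCKING_DETECTIONS):
    """Summarise a VirusTotal file report for false-positive follow-up."""
    attrs = json.loads(report_json)["data"]["attributes"]
    results = attrs.get("last_analysis_results", {})
    flagged = {engine: verdict.get("result") or ""
               for engine, verdict in results.items()
               if verdict.get("category") in DETECTION_CATEGORIES}
    no_verdict = sorted(engine for engine, verdict in results.items()
                        if verdict.get("category") in NO_VERDICT_CATEGORIES)
    return {
        "detections": len(flagged),
        "engines_scanned": len(results),
        "report_to": sorted(flagged),   # vendors to send a false-positive report to
        "labels": flagged,              # detection name each vendor assigned
        "no_verdict": no_verdict,
        "blocks_auto_approval": len(flagged) >= threshold,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```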

gerardog changed the title from "Issue: gsudo doesn't play nicely with Bitwarden Antivirus :(" to "Issue: gsudo exits suddenly with BitDefender Antivirus" on Aug 8, 2021

Owner

gerardog commented Aug 14, 2021

Haven't heard back from Bitdefender nor Jiangmin. Anyway today I retested BitDefender even with Protection Shield active, using gsudo v1.0.1 and it works fine.

As a side note: Uploading a new version is kind of tedious. Windows SmartScreen flags it as "not downloaded frequently", which of course is true since it is a new version. (This for example delays the new version availability in winget). Also, the new version was not flagged by Jiangmin on VirusTotal (like v0.7.3 was), but by Cylance. So I submitted the false positive to Cylance (6 days ago), and guess what, got no response either.

Today resubmitted v1.0.1 to VirusTotal and finally got score 0.

@fgimian, please update gsudo and your Bitdefender and let me know if it is working.

If still an issue on Bitdefender, or someone else arrives here with the same problem:

  • Try adding an exclusion for gsudo.exe
  • If that doesn't work, disable "Protection Shield" AI/heuristic detection.

Author

fgimian commented Aug 18, 2021

I'll admit that I had some further issues with Bitdefender so I reverted to Microsoft Defender that's built into Windows 10. I can at least confirm it works perfectly with that for now. I may install Bitdefender in a VM in the near future to see how it goes with gsudo after the fixes.

Huge thanks for all your help!
Fotis
