-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Attempt to prevent false positive detections by Windows Defender #443
Conversation
~ psh
> cd "\\wsl.localhost\Ubuntu-22.04\home\kachick\repos\dotfiles"
kachick\repos\dotfiles via 🐹 v1.22.1 psh
> go build
go: RLock go.mod: Incorrect function. |
cp -r "\\wsl.localhost\Ubuntu-22.04\home\kachick\repos\dotfiles" .\tmp\
cd .\tmp\dotfiles\
go build -o dist ./...
& "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File .\dist\winit-conf.exe
Scan starting...
CmdTool: Failed with hr = 0x80508023. Check C:\Users\YOU\AppData\Local\Temp\MpCmdRun.log for more information |
dotfiles rebel-for-ms-cop(e385403) ≡via 🐹 v1.22.1 psh
! & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\mksym.exe"
Scan starting...
Scan finished.
Scanning C:\Users\YOU\tmp\dotfiles\dist\mksym.exe found no threats.
dotfiles rebel-for-ms-cop(e385403) ≡via 🐹 v1.22.1 psh
! & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-conf.exe"
Scan starting...
Scan finished.
Scanning C:\Users\YOU\tmp\dotfiles\dist\winit-conf.exe found no threats.
dotfiles rebel-for-ms-cop(e385403) ≡via 🐹 v1.22.1 psh
> & "C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 3 -File "$(pwd)\dist\winit-reg.exe"
Scan starting...
Scan finished.
Scanning C:\Users\YOU\tmp\dotfiles\dist\winit-reg.exe found no threats. |
💭 Getting GitHub artifact needs the auth header https://docs.github.com/ja/rest/actions/artifacts?apiVersion=2022-11-28#get-an-artifact, I want release #417 |
https://github.com/kachick/dotfiles/actions/runs/8183096127/job/22375449050
🤔 Why skipped the 👮♂️ |
🎉
💭 But ... why detected in my client with same logic binary... |
Still detect for this zip 😠 |
Looks different with my local How to use AddDynamicSignature? https://github.com/MicrosoftDocs/microsoft-365-docs/blob/72fee082b7dd7f5549ee2f4d50563810e6f4aafc/microsoft-365/security/defender-endpoint/command-line-arguments-microsoft-defender-antivirus.md?plain=1#L66 |
& "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -DynamicSignatures It removes all dynamic signatures and Then my artifact will not be detected as CI, so this is the guilty reason... |
|
|
|
https://github.com/kachick/dotfiles/actions/runs/8188096063 detect - 956b773 956b773...8eca3a6 ??? 🤷♂️ Hmm... if #444 (comment) Maybe he works for us as a linter 🤣 🙄 Then I wish to use it as a CLI... |
ResolvesCloses #442