Replies: 4 comments
-
|
Thanks @Jean-Roc for raising up this report. The WMI use (through https://github.com/jcarswell/pyad) is related to the feature that look into Active Directory to deploy profiles conditionally to the end-user's groups. Since QDT is open source, the code can be audited to make ITself count there is no trojan behavior inside. Furthermore, we already passed through IT checks by:
We also recommend to sign the executable with an internal one: https://guts.github.io/qgis-deployment-cli/guides/howto_windows_sign_executable.html. Is it possible to discuss the sticking points? We could, for example, consider disabling active directory-related functionalities with a configuration flag. |
Beta Was this translation helpful? Give feedback.
-
|
Hi, thank you very much for those details and your proposal, I'm waiting on their feedback to see if our IT team accepts to get past the "trojan" label. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @Jean-Roc FYI I've uploaded the latest QDT binary to https://virusscan.jotti.org:
|
Beta Was this translation helpful? Give feedback.
-
|
Thank you for this update ! I'm sharing it with my colleagues |
Beta Was this translation helpful? Give feedback.
-
Hi, the following is not an issue but an example of a failed attempt at using qlc in a french administration :
our IT dept is rejecting the use of qgis-deployment based on this automated report labeling the exe file as a "Trojan Agent". In my opinion, most (if not all) of the listed points in the "Informative" section are expected and the "Suspicious" clearly false positive.
Beta Was this translation helpful? Give feedback.
All reactions