This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
MS Defender blocks 'Serious threat' when running log4jscanwin #7
Comments
Was it triggered from one of the binaries we supplied? Or did you build it yourself?
From your binary. It runs for about 25 seconds "Scanning c:" and then it comes up.
Useless side note that may or may not help:
Quick feedback: I had no problem in running the program on win 10 with SentinelOne av.
I had no problems running this (1.2.17) yesterday on Win10 with Defender for Endpoints
I suspect the ransomware behavior detection component of Windows 11 noticed the sequential traversal of the file system as something to block. It appears our code-signing certificate isn't enough to overcome the suspicion of Windows Defender's scoring system on Windows 11. That is rather annoying.
Hello,
Your tool is triggering AVs. I tried looking through your code but could not find anything suspicious at a glance, therefore this submission.
What it finds is the following:
It says: Serious threat, blocked and removed.
Hope it helps.