This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
MS Defender blocks 'Serious threat' when running log4jscanwin #7
Comments
|
Was it triggered from one of the binaries we supplied? Or did you build it yourself? |
|
From your binary. It runs for about 25 seconds "Scanning c:" and then it comes up. |
|
Useless side note that may or may not help: |
|
Quick feedback : I had no problem in running the program on win 10 with SentinelOne av. |
|
I had no problems running this (1.2.17) yesterday on Win10 with Defender for Endpoints |
|
Thanks for the tests guys. I went ahead and went a little deeper today.
|
|
I suspect the ransomware behavior detection component of Windows 11 noticed the sequential traversal of the file system as something to block. It appears our code-signing certificate isn't enough to overcome the suspicion of Windows Defenders scoring system on Windows 11. That is rather annoying. |
|
I am getting a similar message from Defender when running on Windows 11. It is saying the program is putting a file in the temp folder of AppData. |
|
Symantec Endpoint Protection also blocks the tool: |
This issue was moved to a discussion.
You can continue the conversation there. Go to discussion →
Hello,
Your tool is triggering AV's. I tried looking through your code but could not find anything suspicious at a glance, therefor this submit.
What it finds is the following:
It says: Serious threat, blocked and removed.
Hope it helps.
The text was updated successfully, but these errors were encountered: