BizHawk 2.5 release gets quarantined by Microsoft Defender Antivirus

[patrickhlauke]

Summary

Microsoft Defender Antivirus flags the BizHawk 2.5 release download on windows as having a virus: Trojan:Win32/Emali.A!cl

The downloaded zip is usually deleted. If you're fast enough to unzip it, EmuHawk.exe and DiscoHawk.exe are deleted.

Repro

1. In Windows 10, with Defender enabled, download the 2.5 release
2. Note that Defender will delete the zip after download
3. In Settings > Virus & Threat Protection, under Protection History, see the output/reason for the deletion/quarantine.

Output

Detected: Trojan:Win32/Emali.A!cl

containerfile: C:\Users\redux\Desktop\BizHawk-2.5.0.zip
file: C:\Users\redux\Desktop\BizHawk-2.5.0.zip->DiscoHawk.exe
file: C:\Users\redux\Desktop\BizHawk-2.5.0.zip->EmuHawk.exe

Host env.

• BizHawk 2.5; Win10 (OS Build: 19041.450) / Microsoft Defender Antivirus (Security intelligence version: 1.323.424.0)

[YoshiRulz]

Duplicate of #2356, which I've unlocked in case anyone has helpful info to add. Not sure there's anything we can do about malware signatures in our executables other than recompiling with fingers crossed.

[patrickhlauke]

apologies for the dupe...searched issues, but clearly not well enough