Kaspersky identifying 5.0.2 installer and main executable as trojan #22508

Open
luciodaou opened this issue Apr 25, 2024 · 4 comments
Labels
windows issue/bug on Windows

Comments


luciodaou commented Apr 25, 2024

Issue Description

Kaspersky Antivirus is identifying the Podman 5.0.2 Windows installer as containing a trojan:

Evento: Objeto malicioso detectado
Usuário: \lucio
Tipo de usuário: Iniciador
Nome do aplicativo: msiexec.exe
Caminho do aplicativo: C:\Windows\System32
Componente: Proteção Contra Ameaças ao Arquivo
Resultado da descrição: Detectado
Tipo: Cavalo de Troia
Nome: UDS:Trojan-Downloader.Win32.Agent.xycrkr
Precisão: Exatamente
Nível de ameaça: Alto
Tipo de objeto: Arquivo
Nome do objeto: podman.msi
Caminho do objeto.: C:\Users\lucio\scoop\apps\podman\5.0.2_tmp\AttachedContainer
SHA256 de um objeto: 7782D13A50F1A181C32E468F31503A494365D5AD1AB3D9427886DE5E30055EF7
MD5 de um objeto: 3F27E0C48207CFD2E843720DE5A06FDC
Motivo: Proteção na Nuvem

If installing Podman 5.0.2 with the stand-alone installer, the installation goes well, but Kaspersky identifies podman.exe as "UDS:DangerousObject-MultiGeneric" threat:

Evento: Objeto malicioso detectado
Usuário:
Tipo de usuário: Iniciador
Nome do aplicativo: msiexec.exe
Caminho do aplicativo: C:\Windows\System32
Componente: Proteção Contra Ameaças ao Arquivo
Resultado da descrição: Detectado
Nome: UDS:DangerousObject.Multi.Generic
Precisão: Exatamente
Nível de ameaça: Alto
Tipo de objeto: Arquivo
Nome do objeto: podman.exe
Caminho do objeto.: C:\Program Files\RedHat\Podman
SHA256 de um objeto: 1DBFC814CBFBA1241CD45695570319025D615F030E6C36D9E45EDA957E675834
MD5 de um objeto: FB9ABC9A143CCB1C3D084F3D6B920FDF
Motivo: Proteção na Nuvem

This is similar to containers/podman-desktop#700, but not with Podman Desktop.


Steps to reproduce the issue

  1. Try to install Podman with scoop.sh (scoop install podman) or with the standalone installer.

Describe the results you received

Kaspersky identifies Podman installer and podman.exe as threats.

Describe the results you expected

Podman should be installed and run normally without issues.

podman info output

Podman can't be run as Kaspersky blocks it.

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Win11 x64

Additional information

Never had problems before with Kaspersky and Podman.
Installation of version 5.0.1 with scoop or standalone installer works fine without issue.

luciodaou added the kind/bug label (Categorizes issue or PR as related to a bug.) Apr 25, 2024
luciodaou changed the title from "Kaspersky identifying 5.0.2 installer as trojan" to "Kaspersky identifying 5.0.2 installer and main executable as trojan" Apr 25, 2024
Member

Luap99 commented Apr 26, 2024

see #14759 and #13415 and https://go.dev/doc/faq#virus

I don't see how there is anything we can do about this, unless you can show us that this is not a false positive

Member

Luap99 commented Apr 26, 2024

cc @n1hility

Luap99 added the windows label (issue/bug on Windows) and removed the kind/bug label (Categorizes issue or PR as related to a bug.) Apr 26, 2024
@luciodaou
Author

> see #14759 and #13415 and https://go.dev/doc/faq#virus
>
> I don't see how there is anything we can do about this, unless you can show us that this is not a false positive

Thanks for the heads-up. I had no problems reinstalling 5.0.1, so I pinned the version in scoop.

Curiously, as one of the links mentions the same issue with version 4.0.2, I'm wondering if there's something with the 0.2 subversion helping to trigger antivirus software.
