[Release-1.30] - Executables from k3s get flagged as malware by Azure Defender for Linux

[Slowdive-Aideron]

Environmental Info:
K3s Version:

k3s version v1.30.0+k3s1 (14549535)
go version go1.22.2

Node(s) CPU architecture, OS, and Version:
Azure VMs, RHEL 8.9 (Ootpa)
Linux app-01 4.18.0-513.24.1.el8_9.x86_64 #1 SMP Thu Mar 14 14:20:09 EDT 2024 x86_64 x86_64 x86_64 GNU/Linux

Cluster Configuration:
Test environment with 3 Servers, one of them control-plane,master

Describe the bug:
Microsoft Defender flags surten binaries in the data-dir "/var/lib/rancher/k3s/data" as Malware "Multiverze"
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan:Linux/Multiverze
The binaries i could find until now :
busybox
slirp4netns
nsenter 

Busybox : https://www.virustotal.com/gui/file/4a9bac462189db56189764f5b56033fc94c90a781706ddb109e41931dfb8887d
SHA256: 4a9bac462189db56189764f5b56033fc94c90a781706ddb109e41931dfb8887d

slirp4netns : https://www.virustotal.com/gui/file/e2759e6c759a5f6977f3e14e2bf4c156cbe8e2914a38143ca3050ddba94a5bb8
SHA256 : e2759e6c759a5f6977f3e14e2bf4c156cbe8e2914a38143ca3050ddba94a5bb8

nsenter : https://www.virustotal.com/gui/file/3d4d8a8b835ff29fdf40994690afb428d78e286ff5553452f50dad36345c0de1
SHA256: 3d4d8a8b835ff29fdf40994690afb428d78e286ff5553452f50dad36345c0de1

Steps To Reproduce:

• Installed K3s: Via ansible playbook , installation method doesn't really matter here, just unpack the binaries that are in the airgaped image

Expected behavior:

No findings

Actual behavior:

Azure Defender quarantines the files
Additional context / logs:

Microsoft MDATP Version 101.24042.0002

[brandond]

Duplicate of #9738

Please report these false positives to your AV vendor. We have no leverage to address these issues.