GorillaDevs.Ferium version 4.5.2

[theRookieCoder]

• Have you signed the Contributor License Agreement?
• Have you checked that there aren't other open pull requests for the same manifest update/change?
• This PR only modifies one (1) manifest
• Have you validated your manifest locally with winget validate --manifest <path>?
• Have you tested your manifest locally with winget install --manifest <path>?
• Does your manifest conform to the 1.6 schema?

Note: <path> is the name of the directory containing the manifest you're submitting.

---

Microsoft Reviewers: Open in CodeFlow

[wingetbot]

   

[wingetbot]

/AzurePipelines run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[theRookieCoder]

@microsoft-github-policy-service agree

[theRookieCoder]

I'm getting issues with windows defender locally too. After whitelisting the file I'm able to install it and it works fine.

[stephengillie]

Hi @theRookieCoder,

The package didn't pass a Defender or similar security scan. This might be a false positive and we can rescan tomorrow.

(Automated response - build 821.)

[stephengillie]

Automatic Validation ended with:

Installation failed with exit code -1978335187 2024-02-24 00:51:53.272 [FAIL] Installer failed security check. Url: https://github.com/gorilla-devs/ferium/releases/download/v4.5.2/ferium-windows-msvc.zip Result: 0x80004005 2024-02-24 00:51:53.272 [CLI ] Terminating context: 0x8a15002d at D:\a_work\1\s\external\pkg\src\AppInstallerCLICore\Workflows\DownloadFlow.cpp:1e6

(Automated response - build 821.)

[stephengillie]

@wingetbot run

[stephengillie]

@wingetbot run

[stephengillie]

@wingetbot run

[stephengillie]

@wingetbot run

[wingetbot]

/AzurePipelines run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[theRookieCoder]

I would like to get some help from moderation here. Firstly, this isn't a new manifest, this is an update of an existing one (have I configured something wrong?)

I also have no idea how I can resolve the validation error because it is a false positive by Windows Defender. I have already reported the false positive to Microsoft directly and have had no response.
Previous PRs (#139278 and #137742) had the same issue and the validation error was waived. Can I request the same to be done here?

[stephengillie]

Automatic Validation ended with:

Executable C:\Users\validator\AppData\Local\Microsoft\WinGet\Packages\GorillaDevs.Ferium__DefaultSource\ferium.exe returned exit code: 2
Executable C:\Users\validator\AppData\Local\Microsoft\WinGet\Links\ferium.exe returned exit code: 2

(Automated response - build 858.)

[stephengillie]

Hi @theRookieCoder.

Thanks for opening a PR.

I would like to get some help from moderation here. Firstly, this isn't a new manifest, this is an update of an existing one (have I configured something wrong?)

Each PR containing a manifest is automatically processed by our GitHub Actions into an Azure DevOps pipeline run, where the package described in the manifest is installed and scanned. The goal of this is to greatly limit the installation of compromised or otherwise potentially unwanted software (PUA).

I also have no idea how I can resolve the validation error because it is a false positive by Windows Defender.

It's subtle, but the error changed from Installation to Executable. On the latest run, it wasn't blocked by Defender. The package installed normally and launched, but gave a non-zero exit code. Sometimes, it takes the Defender teams a few hours to a few days to clear a false positive.

Previous PRs (#139278 and #137742) had the same issue and the validation error was waived. Can I request the same to be done here?

Yes, we can apply a waiver for now. Eventually, can the exit code be changed to a 0?

[stephengillie]

@wingetbot waivers Add Validation-Executable-Error

[wingetbot]

/AzurePipelines run

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[theRookieCoder]

Thanks for the feedback!

The package installed normally and launched, but gave a non-zero exit code

This is a CLI application, so it expects some sort of subcommand or argument to be provided. Is there a way to tell the CI to check the version (run ferium -V) or something infallible like that to result in a non-zero error code?

[stephengillie]

From the schema, there are 2 options here:

• Commands: - I haven't seen a PR using these, so I'm not sure of the impact. In theory, switches (such as -V in your example above) are put here.
• ExpectedReturnCodes or similar - Putting 2 here might be the best option.

[wingetbot]

Publish pipeline succeeded for this Pull Request. Once you refresh your index, this change should be present.