Skip to content
Massimo Melina edited this page Jun 27, 2024 · 4 revisions

Problem

Some antiviruses flag HFS as a threat, even though I know for sure the files are legitimate and good. This happens mostly on Windows, where such software tends to be a bit on the scaremonger edge. This is limited to executable files, the kind of distribution most people prefer, but it's not the only one.

This probably happens for multiple reasons

  • HFS executables are not signed (a long and expensive procedure),
  • they change frequently (especially if you updates beta versions) and the first days of an update will have relatively few users,
  • most part of the file is not strictly HFS, but node.js, so the file shares a lot with many other applications, and can be confused by heuristic detections with other programs.

I've heard that HFS (version 2 at least) has been used as a tool in some malicious activities but, as any tool, it can be used for good or evil. Unaware if it was installed by the user or an attacker, some antiviruses decide to just report or even delete it.

Solutions

Solution A

A good solution is to not use executable files, but run HFS through npm/npx.

Solution B

If you don't like that, you can consider excluding the folder with hfs.exe from being scanned. Normally, it is better to exclude each new file, as it’s safer, but I’ve seen Windows Defender act without giving any feedback, wasting a lot of my time thinking of a bug when it was just deleting my files without alerting me. This doesn’t seem practical for most people. These instructions may change with the Windows version and different languages:

  • Go to Windows settings > Security > Virus & threat protection
  • Manage settings
  • Add or remove exclusion
  • Add > Folder
  • Select HFS folder

Instructions by Microsoft

Clone this wiki locally