Bitdefender detection of JSMinNPP.dll #147
Comments
|
@sunjw |
|
It's most likely the usage of internet-facing functions that's getting flagged: $ readpe --imports JSMinNPP.dll
Imported functions
# [ . . .]
Library
Name: WININET.dll
Functions
Function
Hint: 201
Name: InternetOpenW
Function
Hint: 149
Name: InternetCloseHandle
Function
Hint: 200
Name: InternetOpenUrlW
Function
Hint: 206
Name: InternetReadFile
# [ . . .]To give just one example of how dumb these heuristics really are: I usually shrink my plugin binaries with UPX (a red flag all by itself), yet the zipball still gets a clean rating. |
|
Just a clear false positive. And if you are still concerned, I suggest you use Visual Studio Code. VSC has a much better security model. JSTool for VSC is written purely in JS, the package released on VSC extension market is the same as the code in this repo. You can compare codes line by line. |
Earlier today as I opened Notepad++ I got an error message from Notepad++ about JSMinNPP.dll, and Bitdefender lit up and flagged the dll as Gen:Variant.Tedy.504791
I also checked out the downloads page from source forge and noticed that it was also blocked, with Bitdefender detecting the zip file as Trojan.GenericKD.70772555
Here's the Virustotal report for reference: https://www.virustotal.com/gui/file/c11d28501fb7301ffcc1ff6ffb5635c6ebe0cab6d0baedb763c82cfe2e76f9ea/detection
This is likely a false positive that you might have to work out with the antivirus vendors, although you may also want to check what you're building to see why it's being detected in the first place.
The text was updated successfully, but these errors were encountered: