Windows defender detecting testhost.exe as MSIL/AgentR

[mikaeleliassonbokio]

Hi!

We just got testhost.exe blocked on one of our build servers by Windows Defender. I'm pretty sure this is a false detection but will likely cause issues for vstest so you might want to reach out to the Defender team.

Here is the data on the file it quarantined. No other vendors complained.
https://www.virustotal.com/gui/file/d2eb1420117e8096f505ed0786c47e32e2e2e16cb80f90c4c308b1ef61a8e24e

This was from version 17.11.1. I also verified that it was the file as it was published and not something in our system that changed it by doing the following steps.

1) download the nuget package (from the download link on the nuget page).
2) rename it to .zip
3) unzip it
4) Find the file testhost.exe
5) Upload it to virustotal
And I now go the same hash as the detected file.

Here is the version info for Defender if you need it.

[nohwnd]

I've reported this to the responsible team, will keep you updated if I get some info back.