https://bugs.documentfoundation.org/show_bug.cgi?id=170040
Bug ID: 170040
Summary: False positive from winget validation AV TRELLIXENS
for 26.2.0.0.beta1 x86
Product: LibreOffice
Version: 26.2.0.0 alpha0+ master
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: medium
Component: Installation
Assignee: [email protected]
Reporter: [email protected]
Description:
I've started creating winget manifests for the LibreOffice pre-releases. The
validation stage is failing because of a, presumably!, false positive for
inprocserv.dll in LibreOfficeDev_26.2.0.0.beta1_Win_x86.msi , shown as
W32/Patcher, which I kind of understand. The AV causing this result is
TRELLIXENS, and I've not been able to report it there. I'm hoping you have
better contacts/skills than me.
For reference, the Pull Request is
https://github.com/microsoft/winget-pkgs/pull/321771 and I've had some
discussions already with the team there.
Steps to Reproduce:
1.See https://github.com/microsoft/winget-pkgs/pull/321771
2.Trigger a validation run
Actual Results:
One or more ESRP Scan Blocking detections found:
Installer: LibreOfficeDev_26.2.0.0.beta1_Win_x86.msi
InstallerSha256:
fa171e7038eb863ca25f7039bcd411d60fb5f933117c49bdf6ccd84a2b97cd7c
FileName SHA256HexFileHash Detection Engine Detection
Description
inprocserv.dll
4f50e5b881c2abfc0afc129899a5af3223b6af6cbcfc8080d501dc227632c4e2
TRELLIXENS the W32/Patcher virus !!!
Expected Results:
A clean run.
Reproducible: Always
User Profile Reset: No
Additional Info:
This hasn't been seen on production LibreOffice winget packages, nor
26.2.0.0.alpha1 nor other architectures. So far anyway.
By the way, any help on winget is appreciated!
--
You are receiving this mail because:
You are the assignee for the bug.
