It likely really was a false positive. Furthermore, it's not detected anymore with the definition update MS released today.
Martin

On 27. 1. 2017 at 16:47, Kai Tietz wrote:
> Well, not sure what your problem is. I don't encounter this problem
> with windows defender. So I guess that you might have a virus on your
> local system, or the heuristic of your defender has a wrong positive.
> Ask the Windows defender guys in doubt.
>
> Regards,
> Kai
>
>
> 2017-01-27 2:09 GMT+01:00 Martin Mitáš <[email protected]>:
>>
>> Hi,
>>
>> FYI, Windows Defender on Windows 10 with current definitions
>> just started to (mis)detect some .exe files inside mingw-builds
>> packages.
>>
>> I tried both rev0 and rev1 downloaded from here:
>> https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/6.3.0/threads-win32/sjlj/
>>
>> The following files are detected as "Trojan:Win32/Kandelo.B!d":
>>
>> file:C:\mingw32\bin\addr2line.exe
>> file:C:\mingw32\bin\ld.bfd.exe
>> file:C:\mingw32\bin\ld.exe
>> file:C:\mingw32\bin\strings.exe
>> file:C:\mingw32\i686-w64-mingw32\bin\ld.bfd.exe
>> file:C:\mingw32\i686-w64-mingw32\bin\ld.exe
>> file:C:\mingw32\libexec\gcc\i686-w64-mingw32\6.3.0\collect2.exe
>> file:C:\mingw32\libexec\gcc\i686-w64-mingw32\6.3.0\lto-wrapper.exe
>> file:C:\mingw32\libexec\gcc\i686-w64-mingw32\6.3.0\lto1.exe
>>
>>
>> According to virustotal.com, no other vendor detects it:
>> https://virustotal.com/en/file/370f9b6d95ae2ad551e9db431e5696883b6a05203ba462fbd79b41f882de7ea7/analysis/
>>
>> Hence I believe it's just a false positive in most recent definitions
>> update.
>>
>> The workaround is to turn Windows Defender off (at least its runtime
>> scanning), otherwise it blocks running those .exe and makes mingw-w64
>> installation unusable.
>>
>> Hopefully it's not their punishment for preferring mingw-w64 over
>> VisualStudio :-)
>>
>> I reported it to Microsoft through
>> https://www.microsoft.com/en-us/security/portal/submission/submit.aspx
>>
>> Best regards,
>> Martin
>>
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Mingw-w64-public mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/mingw-w64-public
