Comments (5)
I downloaded using `Invoke-WebRequest` and Chrome without any issues.
The `!ml` portion of `Trojan:Win32/Wacatac.B!ml` indicates the detection was made using machine learning, which is prone to false positives.
If in doubt, you can scan using virustotal. Result shows 1/72 detections from vendors, with the only detection also being ML based:
[Screenshot: pkl-windows-virustotal]
from pkl.
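An added example, not part of the original comment or the pkl project: a small Python parser that splits a Defender detection name like the one above into its parts and separates `!ml` hits from the rest. The `Type:Platform/Family.Variant!suffix` layout is assumed from Microsoft's naming scheme, the function names are hypothetical, and only `Trojan:Win32/Wacatac.B!ml` comes from this thread; the other sample names are constructed.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumed layout (Microsoft naming scheme): Type:Platform/Family[.Variant][!suffix...]
THREAT_NAME = re.compile(
    r"^(?P<type>[A-Za-z]+):(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_\-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?P<suffixes>(?:![A-Za-z0-9]+)*)$"
)

class ThreatName(NamedTuple):
    type: str
    platform: str
    family: str
    variant: Optional[str]
    suffixes: Tuple[str, ...]

def parse_threat_name(name: str) -> ThreatName:
    """Split a detection name into its fields; raise ValueError if malformed."""
    m = THREAT_NAME.match(name.strip())
    if m is None:
        raise ValueError(f"not a Type:Platform/Family name: {name!r}")
    suffixes = tuple(s.lower() for s in m["suffixes"].split("!") if s)
    return ThreatName(m["type"], m["platform"], m["family"], m["variant"], suffixes)

def is_model_verdict(name: str, model_suffixes=frozenset({"ml"})) -> bool:
    """True when the name carries a suffix marking a machine-learning verdict.
    Only "ml" is taken from this thread; extend the set as an assumption."""
    return bool(set(parse_threat_name(name).suffixes) & model_suffixes)

def split_by_confidence(names: List[str]) -> Tuple[List[str], List[str]]:
    """Return (model_based, other) so model-only hits get a second check
    (hash lookup, rescan) before being treated as confirmed."""
    model, other = [], []
    for n in names:
        (model if is_model_verdict(n) else other).append(n)
    return model, other

# First entry is from this thread; the other two are constructed samples.
SAMPLE = ["Trojan:Win32/Wacatac.B!ml", "Backdoor:Win32/Example.D!lnk",
          "Trojan:Win32/Example.A"]

if __name__ == "__main__":
    model, other = split_by_confidence(SAMPLE)
    print("model-based:", model)
    print("other:", other)
```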
I would think so (false positive)! This is disconcerting, nonetheless... How did you download it? Browser? (If so, which one?) `Invoke-WebRequest`? GitHub client?
from pkl.
I downloaded it via Chrome by clicking the link on the GitHub Release page.
It also did not alarm at first but only when I tried to execute it (without arguments to get the help displayed), after which it also instantly triggered on subsequent downloads (when I wanted to confirm that I did not accidentally download another version via some other link).
My current assumption would be that the native executable tries to load some Java code via unpacking or something (or lazy loading more code from the net?) which could plausibly trigger the Windows Defender.
P.S.: I also downloaded the 0.27.0-SNAPSHOT version linked in my other GitHub issue in the pkl-intellij repository (apple/pkl-intellij#8 (comment)).
Command is as described here: https://pkl-lang.org/main/latest/pkl-cli/index.html#windows-executable
Although I think I deleted that version after I noticed there was a new 0.26.0 release and the 27-SNAPSHOT did not trigger anything (not 100% sure if I executed that one or not).
from pkl.
The native executable runs on sandboxed / air-gapped machines, so it certainly isn't a late/remote load. The point of GraalVM's `native-image` is that you don't end up running a JVM, so I also cannot imagine anything having to do with that type of Java dynamism.
I've searched for similar reporting on `native-image`, but have not seen much. There have been issues with false positives from Windows Defender for GraalVM before, but that concerned a component (`svm.jar`) of the GraalVM distribution itself.
Do try the 0.27-SNAPSHOT, because it's built with the same infrastructure. Alternatively, see what happens if you get it through `Invoke-WebRequest` or `curl` (we've seen issues with signing from browser-downloaded binaries before that other download tools didn't have). If you have any more detail from Windows Defender, that could also be helpful. Anyone else seeing similar and finding this, please chime in!
from pkl.
I can't reproduce that (Windows 11). I can download the exe through Chrome and run it on cmd or PowerShell with no problems. Running Windows Defender on it also says the file is fine; nothing was found.
from pkl.