Comments (3)
Thanks for the report. Do you have any screenshots or logs for this detection? I scanned everything with Defender now which didn't appear to find anything.
Can you also double-confirm this is arm64 not amd64?
Arm64: https://www.virustotal.com/gui/file/7f8293b17885583193e74430a1ff743d1d1a605363180c6cb3af5a1fe43e9e4e
Amd64: https://www.virustotal.com/gui/file/6ab7add993b8e9065c0997810139c3d2dbd48be9f0a1982235fbca5237302577
Do these hashes match the file contents you have?
Historically the Defender team have been fairly responsive to reports of overactive detection, but not all vendors are. It's not uncommon to see something like this, where Arm64 is flagged by somebody based on a heuristic (as opposed to a thumbprint) and then that gets picked up as a kind of echo chamber.
Looking at the "relations" tab shows another AV vendor is detecting the ARM version of very trivial tools (title, cls, pause, mkdir, etc.). It makes me wonder a little what heuristic behavior malware today has (open console window, clear screen, update title, display message, wait for key press...?)
from yori.
Thanks for a prompt reply.
Apologies for not replying at once -- it was a busy week for me. I confirm it was arm64. The issue is gone and seemed to be a false positive (as I suspected from the beginning).
from yori.
It seems like there's nothing actionable left here. Let me know if there are future detections (which will happen - this is an ongoing ecosystem-wide problem.)
from yori.