Comments (17)
I've sent this to some contacts at MSFT so hopefully it can get routed to the right people.
from zaproxy.
It appears the detection has now been removed for this on latest definition versions. It no longer alerts as a PUA. @ksast does it still happen for you?
ZAP is a security tool. It “does bad things”. We know that virus scanners regularly flag the active scan rule add-ons, which is not surprising as they perform attacks.
The Microsoft Defender alert just says that the ZAP exe is potentially “unwanted software” - it is not claiming that the exe is malicious.
Virus scanners are notoriously unreliable, especially when it comes to security tools.
We have double checked the exe and the files it creates and have seen no evidence of anything malicious.
If anyone can provide us with any more specific evidence of malicious code then we will of course investigate further.
Or if anyone has any suitable contacts at Microsoft we’d love to talk to them.
For reference: https://www.zaproxy.org/faq/why-does-my-antivirus-tool-flag-zap/
We do think this is very likely to be a false positive, but we are doing due diligence.
For reference we did submit the Windows installer to Virus Total: https://www.virustotal.com/gui/file/28b348dd65116ddabbbbd98b7f84864a0bb0f98d656266f2f08bfd010ae51c57?nocache=1
As you will see 3 services flagged it, but not Windows Defender.
It is worth noting that virus scanners are very flaky, and ZAP is a security tool which by nature "does bad things".
It's worth noting that the alert is: 'Packunwan' unwanted software was detected (New, Detected, Informational).
So it's just potentially additional software, it is not complaining about anything malicious.
ZAP is a complex tool that has many components.
It is not surprising that a virus scanner would detect "potentially unwanted software".
Submitted directly to Windows Defender online:
I just had a poke around at this, and it appears in the build there is a file called "ascanrules-release-66.zap". It looks like this file might be causing the detection as it is flagged by Defender for https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan%3AWin32%2FBitrep.B. This does look to be a FP.
https://www.virustotal.com/gui/file/6c63ac358a5a183a757cb63ac13040e58eb3087aa9ca25bf40a02fab83f3736f
"ascanrules-release-66.zap" is the active scan rule add-on: https://www.zaproxy.org/docs/desktop/addons/active-scan-rules/ - these are the rules which attack web apps. So it's really not surprising that it gets flagged by AV tools 😁
It's worth mentioning that the detection does not apply to version 2.14.0.
We did encounter similar things when 2.14 was first released, though to a lesser extent. In the meantime both AV solutions and ZAP have changed/evolved.
Thanks @benmcgarry
Appears Smart Screen is now flagging on it:
@benmcgarry isn't that just saying that ZAP is from an unknown publisher, rather than that it's failed an AV check?
This is expected as we are not yet signing the installer.
I don't get that prompt on the 2.14 release which I'd assume would also trigger? Did any of the build process change for 2.15?
Not radically, but there are bound to have been some changes.
2.14 might be "popular" enough that SmartScreen ignores it.