-
Notifications
You must be signed in to change notification settings - Fork 242
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trojan found via winget update #1867
Comments
Hi @Sjoo90, that's odd! The MSI was built by our CI job (like all of our other releases). Are there any more details about why that antivirus thinks it's a trojan? |
VirusTotal shows no detections of malicious behavior for that MSI artifact… …but there is a note about potential false positive alerts that might be generated for the file:
@Sjoo90 Does the SHA256 checksum match? (You can use the
|
Hi @Sjoo90 similar to @jsejcksn, I'm not seeing any issues with the installer. I cleared it out, installed from Given that the SHA matches the expected value (which I think is required by Winget anyway), my only hypothesis right now is that you're running into a false positive with the virus scan. If there are more details about what is found, that might help us understand why it's getting flagged as a false positive (though in my experience, virus scan programs are light on details to not give attackers more info than necessary on how to evade). Edit: Another possibility - Could
Which gave me the following hash on the file installed from Winget:
|
Alternatively, using
|
This came up for me when I runned winget update --all for Volta.Volta
It's swedish, but I think you can find out.
The text was updated successfully, but these errors were encountered: