SceneSwitcher marked as virus about sceneswitcher HOT 4 CLOSED

Thank you very much for the confirmation!

I also double checked whether the issue was introduced on my machine by downloading the offending artifact once again and sure enough the artifact itself already shows the issue and is instantly being blocked by Windows Defender. (run 413774326)

I will try to somehow submit this false positive so that at least something useful comes out of this situation.

from sceneswitcher.

There were indeed multiple reports of the plugin being flagged as a trojan.
For some reason only windows defender seemed to have flagged it and I have no clue why or what part of the plugin was triggering that.
Other antivirus software seems to have no problem with it.
And strangely enough it just started happening yesterday.

The plugin is built using "github actions" workflow whenever changes are submitted.
I use these automated builds for the releases, so you could theoretically compare the checksums of these automated build results with the one of the release. (But that is of course very cumbersome)

Just rebuilding the plugin with a different version tag seemed to have resolved the issue and I updated the 1.8.1 release to contain these new binaries.
They were built using this github actions run:
https://github.com/WarmUpTill/SceneSwitcher/actions/runs/419084368

I would appreciate if you could also confirm if this one is also not being blocked by Windows Defender on your end.

In general you can always fall back to using the automated build artifacts directly, if you want to avoid these binaries ever having been in contact with my machine, although these builds could potentially be a bit more unstable as new features are being implemented.

I wish I had any idea what could have caused this so it can be avoided in future.
So for now I just hope that I will not run into that problem again.

from sceneswitcher.

I downloaded the artifacts from the recent build and so far so good, I'm not sure if there's a manual way to trigger an explicit Windows Defender on files or directories.

Downloading the artifacts directly from the build pipeline is probably a really good suggestion as downloading files from seemingly outdated forums can be sketchy.

EDIT: Manually scanning the recent files didn't trigger any alerts from Windows Security.

from sceneswitcher.

Oh, that was a way quicker response by Microsoft than I expected:

Analyst comments:

We have removed the detection.  Please follow the steps below to clear cached detection and obtain the latest malware definitions.

     1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 
     2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
     3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.

I will close the issue for now but I will leave it pinned in case others still run into this problem.

from sceneswitcher.