[GH-ISSUE #2577] Windows Defender false alert on v0.2.70 #1171

Closed
opened 2026-03-01 21:49:27 +03:00 by kerem · 2 comments

Originally created by @ghost on GitHub (Dec 17, 2024).
Original GitHub issue: https://github.com/nektos/act/issues/2577

Bug report info

-- couldn't execute it --

Command used with act

-- couldn't execute it --

Describe issue

Hello,

the following problem occurred on my machine: on the latest release (v0.2.70), Windows Defender automatically deletes act.exe based on a recognized trojan (Win32/Bearfoos.A!ml).
It seems to be related to the latest changes (updated dependencies), because when using v0.2.69 everything works as expected and fine.
Also, based on the VirusTotal result, it seems to be a false-positive warning (see: https://www.virustotal.com/gui/file/f58096e5202c879023f844b68f483b3331a61859e86bdef11c074a84990f900b).

Link to GitHub repository

No response

Workflow content

-- couldn't execute it --

Relevant log output

-- couldn't execute it --

Additional information

No response

kerem closed this issue and added the kind/bug label 2026-03-01 21:49:27 +03:00

@ChristopherHX commented on GitHub (Dec 17, 2024):

I could guess two things act does that might cause the detection. However, except for the automated dependency updates, nothing changed, as you said.

Interesting that this comes up 16-17 days after the binary has been published via automation.

  • The xdg dependency (which has been bumped in 0.2.70); this is used to create a folder before asking the first-time survey (the first virus scanner alert coming from winget shortly after an xdg folder has been created without user prompt in an act release)
  • The call to home version check of cplee

I'm not using Windows right now and my regular merges to master are blocked due to lack of a reviewer. Blind trust in Dependabot PRs.

winget at the time of writing does not even have 0.2.70, and they should maybe avoid merging the update if Defender really detects something for whatever reason and nothing meaningful has been changed.


@ghost commented on GitHub (Dec 18, 2024):

Thanks for the quick response!
Due to the fact that winget merged your PR already and all the other scans were negative, I think we can say for sure it's fine, and I'll close this bug.
