[GH-ISSUE #153] Virus scanner detects windows release as infected #94

New issue

Closed

opened 2026-02-25 22:32:35 +03:00 by kerem · 2 comments

kerem commented

2026-02-25 22:32:35 +03:00

Owner

Originally created by @kaiwa on GitHub (Apr 11, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/153

It's a false positive for sure, but this can be quite an issue with company networks where users are not allowed to configure exceptions for the virus scanner.

Virustotal.com shows no match for Bitdefender (only for McAffee), but on a colleague's windows system Bitdefender detects the exe as virus as well.

Is there anything you can do to prevent that false positive?

Tested with that release: https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-windows-amd64.exe

Scan result:

McAfee-GW-Edition
BehavesLike.Win64.VirRansom.rh

https://www.virustotal.com/gui/file/546ad2acbf74ddad79e47d2fe86fe851aa25012822fec7c656b565dbb82a23ed/detection

Originally created by @kaiwa on GitHub (Apr 11, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/153 It's a false positive for sure, but this can be quite an issue with company networks where users are not allowed to configure exceptions for the virus scanner. Virustotal.com shows no match for Bitdefender (only for McAffee), but on a colleague's windows system Bitdefender detects the exe as virus as well. Is there anything you can do to prevent that false positive? Tested with that release: https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-windows-amd64.exe Scan result: > McAfee-GW-Edition > BehavesLike.Win64.VirRansom.rh https://www.virustotal.com/gui/file/546ad2acbf74ddad79e47d2fe86fe851aa25012822fec7c656b565dbb82a23ed/detection ![Bildschirmfoto von 2019-04-11 09-18-50](https://user-images.githubusercontent.com/319268/55938115-db61f780-5c3a-11e9-9567-a2a928a7e23e.png)

kerem closed this issue

2026-02-25 22:32:35 +03:00

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@FiloSottile commented on GitHub (Apr 11, 2019):

This is unfortunate, but it happens with Go binaries, and I can imagine that adding roots to the system store is also something that annoys AV engines.

I don't think there's anything I can do here, but if you could report it as a false positive to the AV vendor, I'd appreciate it.

@FiloSottile commented on GitHub (Apr 11, 2019): This is unfortunate, but it happens with Go binaries, and I can imagine that adding roots to the system store is also something that annoys AV engines. I don't think there's anything I can do here, but if you could report it as a false positive to the AV vendor, I'd appreciate it.

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@loeffe1 commented on GitHub (Sep 2, 2019):

Same is happening to me using Avira Pro. HEUR/APC (Cloud) detected and access blocked. I have reported this to the vendor.

@loeffe1 commented on GitHub (Sep 2, 2019): Same is happening to me using Avira Pro. HEUR/APC (Cloud) detected and access blocked. I have reported this to the vendor.