Getting a Virus warning on latest nightly download

[groovyclam]

It's Mon July 29th 12:09 British summer time and if I download the current nightly build Microsoft Win 11 deletes the download with the following info:

[maforget]

It's a nightly build, I can't go to each and every vendor asking them to remove their false positive. This happens because of low confidence (the file is not commonly downloaded) and the executable not being signed (cost money). There is nothing I can do.

We had problems with Windows Defender at first, but after a couple of submissions the detection went away. For me Windows Defender is probably the one I care more about, since most will have that.

I have no idea what your anti-virus is but it is not Windows like you said. From a short search it looks like it is from NordVPN. Also see how it says HEUR, that means Heuristics. It means it's detection engine believe it may have unwanted code, but they didn't detect an actual virus. Just compare to VirusTotal. It is pretty clean except a weird AV nobody uses.

I've coded project enough that were detected when I know all the code and it still detected them. I had a program that I couldn't even build, because of BitDefender. Even when there was no code left. Or Windows Defender Machine Learning detecting Wacatac for almost every .NET project I shared (like this one). I know people are quick to point out it's a false positive, but they are so common that people just ignore the warning completely, which isn't the best also. And of course the author of the project will say it is a false positive, even if it isn't.

On the other side, some users will get very scared when a Anti-Virus says there is a virus somewhere, even when it says Not-a-Virus. And I get it these days it's hard to tell what may be hidden underneath. But at the same time AV are kind of worthless except for old very well known virus. Anyone that has malicious intentions, can upload their file to VirusTotal and see if there is detection. Or they will have the actual malicious payload be downloaded afterward or hide their unwanted code in a very sneaky way. So IMHO, one of the best protection you can have is usually a good firewall that you whitelist what is required only and everything else is blocked by default. Since virus these days are usually ransomware or info stealers, if they can't access the internet they can't steal your data or get their encryption keys.

You still need to be careful, but I went out of my way, that all source code is available and all builds are automated to reduce the perceived risk. I would be more suspicious of projects that use github, but don't provide the source code and/or obfuscate it to prevent people from decompiling their code.

Your browser may say that this file isn't normally downloaded, because of the confidence and Windows will show a smart screen that it prevented a unrecognized program from starting. This isn't the same as a virus warning, just extra protection you need to click though to accept. You can also download the zip file, if you prefer.

Like it is stated on the main page, the builds are done by GitHub servers, so unless GitHub servers are infected by a virus, it is all a false positive.

[groovyclam]

Thanks for all that - yes the detection is from NordVPN not Win 11.
I can turn that feature off to download and turn it back on afterwards.

[groovyclam]

I uploaded it to VirusTotal and got a flag on an antivirus called "Bkav Pro" for the virus AIDetectMalware which googling says comes up a lot as a false positive on Bkav Pro

[maforget]

LIke I said a weird Av nobody uses. The Virus Total link is in my response.