As of Friday, November 3rd 2023 17:11 (CEST) the VDI client is detected as malicious software by most of the available security scan engines and/or EDR engines.
Specifically, the vdiclient.exe on Windows is flagged to contain a generic trojan (no more information given). The classification seems to be based on machine learning patterns with a high degree of confidence, but it can very well be a false positive in my opinion.
Windows Defender immediately remediates the client (by removing it).
I have been investigating this for a few days now without a clear result.
Active sandbox tests with behavioral analysis do not show further evidence.
This is a callout for everyone to be cautious at the moment and also to help with further investigations.
Best regards
Rob
I performed another test building a 'hello world' executable, and I get the same patterns. It seems like anything built with PyInstaller is getting flagged.
Also, I'm convinced that the network communication that is happening according to VirusTotal is when they test; either Windows Defender or telemetry is sending data to Microsoft.
In the meantime I'm going to submit to Microsoft for analysis.