
Malicious software detection #81

Open

roberix opened this issue Nov 6, 2023 · 2 comments

Comments

@roberix

roberix commented Nov 6, 2023

Hi.

As of Friday, November 3rd 2023 17:11 (CEST) the VDI client is detected as malicious software by most of the available security scan engines and/or EDR engines.

Specifically, the vdiclient.exe on Windows is flagged to contain a generic trojan (no more information given). The classification seems to be based on machine learning patterns with a high degree of confidence, but it can very well be a false positive in my opinion.

Windows Defender immediately remediates the client (by removing it).

I have been investigating this for a few days now without a clear result.

Active sandbox tests with behavioral analysis do not show further evidence.

This is a callout for everyone to be cautious at the moment and also to help with further investigations.

Best regards

Rob

@joshpatten
Owner

I performed another test building a 'hello world' executable, and I get the same patterns. It seems like anything built with PyInstaller is getting flagged.

Also, I'm convinced that the network communication that is happening according to VirusTotal occurs when they test: either Windows Defender or telemetry is sending data to Microsoft.

In the meantime I'm going to submit to Microsoft for analysis.
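A triage step for the situation described in the comment above (a PyInstaller build flagged as a generic trojan), as an added example that is not part of this thread, of the VDI client, or of PyInstaller's code: hash the sample so it can be looked up on VirusTotal by SHA-256 instead of being uploaded again, and confirm that the binary really is a PyInstaller onefile bundle by locating and parsing PyInstaller's CArchive cookie. The magic bytes and the cookie layout are those used by PyInstaller's own archive reader and bootloader (the bootloader also searches backwards from the end of the file, which is why `rfind` is used); the sample bundle built inside the script is a constructed stand-in with a fake MZ stub, not a real executable, and the function names are my own.

```python
"""Triage helper for an executable flagged as a generic trojan.

Two checks to run before calling a detection a false positive:
  1. Compute the SHA-256 so the sample can be looked up on VirusTotal by
     hash rather than uploaded a second time.
  2. Confirm the file is a PyInstaller bundle by locating PyInstaller's
     CArchive cookie and parsing the archive metadata it records.
"""
import hashlib
import struct

# PyInstaller CArchive magic (PyInstaller/archive/readers.py: MAGIC).
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"

# Cookie layout (PyInstaller >= 2.1, network byte order):
#   magic(8) | archive length(4) | TOC offset(4) | TOC length(4)
#   | Python version as major*100+minor(4) | Python DLL name(64)
COOKIE_FMT = "!8sIIII64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FMT)  # 88 bytes


def sha256_hex(data: bytes) -> str:
    """Hash the sample; this is what you paste into the VirusTotal search box."""
    return hashlib.sha256(data).hexdigest()


def find_pyinstaller_cookie(data: bytes):
    """Locate and parse the CArchive cookie, or return None if absent.

    The bootloader scans backwards from the end of the file because a code
    signature or other trailer may follow the cookie; rfind mirrors that.
    """
    pos = data.rfind(PYINSTALLER_MAGIC)
    if pos < 0 or pos + COOKIE_SIZE > len(data):
        return None
    magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FMT, data[pos:pos + COOKIE_SIZE]
    )
    major, minor = divmod(pyvers, 100)  # same decoding PyInstaller's reader uses
    return {
        "cookie_offset": pos,
        "archive_length": pkg_len,
        "toc_offset": toc_off,          # relative to the start of the archive
        "toc_length": toc_len,
        "python_version": f"{major}.{minor}",
        "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
    }


def triage(data: bytes) -> dict:
    """Summarise what a responder needs: hash, PE check, PyInstaller evidence."""
    return {
        "sha256": sha256_hex(data),
        "is_pe": data[:2] == b"MZ",
        "pyinstaller": find_pyinstaller_cookie(data),
    }


def build_sample_bundle() -> bytes:
    """Constructed stand-in for a onefile PyInstaller build (hypothetical data).

    A minimal MZ stub, a fake archive body, a fake TOC and a real-layout
    cookie. It is not a runnable executable; it only exercises the parser.
    """
    stub = b"MZ" + b"\x00" * 62                  # fake PE header area (64 bytes)
    archive = b"PYZ-00.pyz" + b"\x00" * 100      # stand-in for archive entries (110 bytes)
    toc = b"TOC" * 10                            # stand-in for the table of contents (30 bytes)
    pkg_len = len(archive) + len(toc) + COOKIE_SIZE
    cookie = struct.pack(
        COOKIE_FMT, PYINSTALLER_MAGIC, pkg_len, len(archive), len(toc),
        311, b"python311.dll",                   # 3.11 encoded as 311
    )
    return stub + archive + toc + cookie


if __name__ == "__main__":
    # Stand-alone run against the constructed sample; replace with
    # open("vdiclient.exe", "rb").read() to triage a real file.
    for key, value in triage(build_sample_bundle()).items():
        print(f"{key}: {value}")
```

A hit on the cookie tells you the scanner is almost certainly keying on the PyInstaller bootloader and archive layout rather than on anything specific to this project, which is consistent with a plain 'hello world' build being flagged the same way; a miss means the binary is not a PyInstaller bundle and the detection needs a different explanation.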

@roberix
Author

roberix commented Nov 6, 2023
