Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

dotnet apphost.exe detected as Trojan

See original GitHub issue

Steps to reproduce

I cloned the repo, and executed:

Import-Module .\build.psm1
Start-PSBootstrap

Expected behavior

Everything works great.

Actual behavior

Popup from Windows Defender, claiming that this file:

C:\Users\<me>\AppData\Local\Microsoft\dotnet\packs\Microsoft.NETCore.App.Host.win-x86\5.0.0\runtimes\win-x86\native\apphost.exe

Is a virus: Trojan:Win32/Fuery.C!cl

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
jazzdelightsmecommented, Nov 8, 2020

This has been addressed. Steps to fix locally:

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
  3. Run “MpCmdRun.exe -SignatureUpdate”

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

<div>Latest security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware - Microsoft Security Intelligence</div><div>Download the latest security intelligence updates for Microsoft Defender Antivirus, Microsoft Security Essentials (MSE), System Center Endpoint Protection (SCEP) and other antimalware.</div>
1reaction
jazzdelightsmecommented, Nov 8, 2020

Submitted to Defender people following instructions here: https://www.microsoft.com/en-us/wdsi/filesubmission/.

<div>Submit a file for malware analysis - Microsoft Security Intelligence</div><div>Submit suspected malware or incorrectly detected files for analysis. Submitted files will be added to or removed from antimalware definitions based on the analysis results.</div>
Read more comments on GitHub >

github_iconTop Results From Across the Web

net5.0 apphost.exe recognized as a Trojan.Win32.Sdum. ...
After migrating an ASP.NET Core project to .NET5 the apphost.exe process is recognized as Trojan.Win32.Sdum.gen by my Kasperky Endpoint Security 11.3.0 ...
Read more >
Malwarebytes detected a trojan. How worried should I be?
I have Malwarebytes Premium that detected a Trojan.Crypt. ... The file in question is called "DOTNET-APPHOST-PACK-7.0.5-WIN-X64.MSI".
Read more >
My ASP.NET core application executable detected as Trojan
While it's possible that your packager or compiler is infected(a la XCodeGhost), it's much more likely that it's a false-positive. Share.
Read more >
File security 7.2 - false positive? - .NET SDK - 5.0.102
Hi anyone else encountered this being reported as infected? triggered during windows update. Time;Scanner;Object type;Object;Detection ...
Read more >
Windows Analysis Report apphost.exe
Net C# or VB.NET; C, C++ or other language; Is malicious; Internet. Behavior Graph ID: 833000 Sample: apphost.exe Startdate: 23/03/2023 ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Add correct hashbang executon and handling for various languages

Next page

Register-ObjectEvent examples not working