Windows Defender trojan alert after publish
Whenever I publish my project to a folder I get a Windows Defender warning about "Meterpreter!pz" I have built this solution multiple times before and only now is it throwing this this at me.
Jyour program happens to match heuristics for malware
Jthat doesn't mean it is, just that defender thinks it is
SWhat could I do to circumvent this?
Ji think there's a guy here on the defender team that might appreciate a sample of the false positive
SThat would be great
M@rtreit and @etreit both work on the Defender team, although I think they are on holiday break. But yes you should submit it as a false positive here:
https://www.microsoft.com/en-us/wdsi/filesubmission
https://www.microsoft.com/en-us/wdsi/filesubmission
Submit suspected malware or incorrectly detected files for analysis. Submitted files will be added to or removed from antimalware definitions based on the analysis results.
MIf you report back the submission ID they might be able to give the submission a little nudge.
SLooking into it
SWhat do you mean by this?
MWhen you submit the false positive it should give you back some kind of ID
EYou should get a submission number back, if you toss it here we can take a look more easily
MMeterpreter!pzFor once it's not wacatac
EI’m afk but should be back home soon and can take a look, might be worth seeing if you can do an update, I think I remember something about a meterpreter detection that was having some false positives that was removed, but might still be on your machine. I can verify if that might be the case in a bit.
Slol File upload failed - please try again.
Sdd1d08fd-1132-4928-980b-9b7b6081003c
SVery much appreciated!
EThank so much for giving us the submission number, I took a look at what was detecting it and it seems a bit wonky so putting some stuff into motion for someone to re-examine that. Sorry about this!
SI'll add that this only happens in the release publish builds with Single File option. It does not get flagged if i build a release build and run it locally.
MWhat about debug?
SYou mean running it in IDE with debug, or compiling a debug and executing it?
MI meant publishing a debug build with single file
MWas just curious
SWill try in about 15 minutes
SIt also gets deleted, only non-published ones work
EWe are disabling that detection and the change should be rolling out soon. Thanks a ton for sharing with us!
SGlad to hear!
SWas actually worried that my files were just compleetely damaged
PThat's some quick response time, unlike Norton who still hasn't responded to a friend of mine after 2 years 
PFor future reference, usually if you have issues with AVs, the best way to avoid them is to get a code signing certificate
Ji managed to get a false positive on my company's (not defender) AV by changing the color of an element in avalonia 
JI think Norton exists just to collect money and spread misery
MNorton is terrible