cc @UBLU3FQRZ @U013JFLRFS8 @U01DUT900TZ

Just fired up my Windows 10 VM and fired up Edge browser and after initiating downloading https://github.com/babashka/babashka/releases/download/v0.10.163/babashka-0.10.163-windows-amd64.zip I see:

yes - windows defender is reporting the 0.10.163 windows zip as a trojan

it has no complaints about 0.9.162

and how do we know this is for real or not?

someone reports that the scoop install works fine

If I ask defender to scan the zip itself, it reports:

Not much more detail on this threat from microsoft: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Script/Wacatac.H!ml

@U026NQLSBLH says on twitter: if he scans the scoop-installed .exe there are no threats found

I think it would be nice to get this in sooner than later. https://github.com/babashka/babashka/issues/1369 Going for some 💤 now, let's keep an eye on it...

Just tried a scoop update * and…

Updating 'babashka' (0.9.162 -> 0.10.163)
Downloading new version
babashka-0.10.163-windows-amd64.zip (20.5 MB) [=====================================================================================================================================================] 100%
Checking hash of babashka-0.10.163-windows-amd64.zip ... Get-FileHash : The file 'C:\Users\lee\scoop\cache\babashka#0.10.163#https_github.com_borkdude_babashka_releases_download_v0.10.163_babashka-0.10.163-windows-amd64.zip' cannot be read: Operation did not
complete successfully because the file contains a virus or potentially unwanted software.
At C:\Users\lee\scoop\apps\scoop\current\lib\install.ps1:697 char:21
+ ...          return (Get-FileHash -Path $file -Algorithm $algname).Hash.T ...
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ReadError: (C:\Users\lee\sc...ndows-amd64.zip:PSObject) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : FileReadError,Get-FileHash

ERROR You cannot call a method on a null-valued expression.
Get-Content : Operation did not complete successfully because the file contains a virus or potentially unwanted software.
At C:\Users\lee\scoop\apps\scoop\current\lib\core.ps1:1142 char:16
+         return Get-Content $file -Encoding byte -TotalCount 8
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ReadError: (C:\Users\lee\sc...ndows-amd64.zip:String) [Get-Content], IOException
    + FullyQualifiedErrorId : GetContentReaderIOError,Microsoft.PowerShell.Commands.GetContentCommand

ERROR Hash check failed!
App:         scoop-clojure/babashka
URL:         
First bytes:
Expected:    a81a76b432b47da301ff3192ad97100abe9d98490f16a9d33ff8f6ffcff8f180
Actual:

Please try again or create a new issue by using the following link and paste your console output:

I've submitted the file to MS security as a suspected false positive, but I don't really know anything about their review process or turn-around time or anything. The scanner doesn't have any problem with the .exe file, just the .zip.

I remember we had this issue once in the past. I also submitted binary along with a reference to release file on Github so they can analyse it and mark as false positive.

🤞

I think this might be addressed now - MS came back and said they can't reproduce a detection, so I tried on a machine where I've never d/led babashka and Windows is fine with it there

Nice! Can confirm: • download with Edge of https://github.com/babashka/babashka/releases/download/v0.10.163/babashka-0.10.163-windows-amd64.zip now produces no virus warning • scoop update of babashka now installs fine

@U013JFLRFS8 for future ref, where did you submit to Microsoft? Here?: https://www.microsoft.com/en-us/wdsi/filesubmission

yep, that's the site I used

👍

Thanks a lot, glad to hear this is resolved!