Windows Defender detects Puwaders.C!ml in ver 1.19.0 #79
Comments
dzonesasaki
changed the title
|
Yes, that's a false positive. Due to bad luck that particular binary has
many hits on Virus Total, too. In general, 32-bit binaries have it worse
than 64-bit binaries.
The GNU Make build is reproducible, and so you can practically verify this
for yourself if you're paranoid. You only need Docker (or Podman) to build
a bit-for-bit identical binary from source. Inputs all come from official
sources (see the top of Dockerfile), cryptographically verified, and the
build steps are easily auditable (rest of Dockerfile). Building on v1.19
or the current master (2b0ae5a) will produce this matching hash:
$ ./multibuild.sh -4
$ unzip -q w64devkit-i686.zip w64devkit/bin/make.exe
$ sha256sum w64devkit/bin/make.exe
c12fbcc2121322cd455e06d437bc96ee64c2c96c64e185f292f9a7fd6a0d7182 w64devkit/bin/make.exe
If you plug that hash into Virus Total you'll see month old results which
include this false detection.
|
|
Thanks for the reply. I see this issue should be in gnu make. I would like to close this issue. |
This was referenced Aug 8, 2024
Closed
|
+1'ing this. Quite a few hurdles to actually get the damn file into my Downloads folder. Any way to fix this? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Windows Defender detects PUA:Win32/Puwaders.C!ml in make.exe from w64devkit-i686-1.19.0.zip .
Is this a false positive?
The text was updated successfully, but these errors were encountered: