This reminds me of one of my favourite pieces of software, Mail PassView, which is (AFAIK) considered malware by Windows/Defender because it shows you the passwords you entered yourself in Outlook (but forgot to write down somewhere).
Flagging Malware is hard, and research/dev tools are always behaving at least similar to Malware (because we want to get data/do stuff regular users won't do).
More likely/precisely, it's flagged as malware because it's bypassing protections built into Windows Credential Guard, e.g. impersonating (or injecting code into) outlook.exe.
Making an exception for such a heuristic is, in all cases, wrong since it will always be abused.
The actual answer is: Defender needs a PUP category.
I have the same problem because my installer uses NSIS. And once my DLL was also flagged as a virus/malware even though it's completely legit :/ and everything is signed properly. Does anyone know how to improve this situation?
chrisandchris|3 months ago
Flagging Malware is hard, and research/dev tools are always behaving at least similar to Malware (because we want to get data/do stuff regular users won't do).
butvacuum|3 months ago
Making an exception for such a heuristic is, in all cases, wrong since it will always be abused.
The actual answer is: Defender needs a PUP category.
stavros|3 months ago
kotaKat|3 months ago
Nirsoft tools? Bam, "virus" and "malware". How dare you!
Tailscale website? Uh-oh, Zscaler thinks that's a "remote access tool" so you're being given a click-through formal warning!
The Framework website? Uh-oh, .work is a bad TLD! Can't browse to that, it could be evil!
ttoinou|3 months ago
DiabloD3|3 months ago
ris|3 months ago