Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows defender detecting testhost.exe as MSIL/AgentR #10416

Open
mikaeleliassonbokio opened this issue Nov 7, 2024 · 1 comment
Open

Windows defender detecting testhost.exe as MSIL/AgentR #10416

mikaeleliassonbokio opened this issue Nov 7, 2024 · 1 comment

Comments

@mikaeleliassonbokio
Copy link

Hi!

We just got testhost.exe blocked on one of our build servers by Windows Defender. I'm pretty sure this is a false detection but will likely cause issues for vstest so you might want to reach out to the Defender team.

Here is the data on the file it quarantined. No other vendors complained.
https://www.virustotal.com/gui/file/d2eb1420117e8096f505ed0786c47e32e2e2e16cb80f90c4c308b1ef61a8e24e

This was from version 17.11.1. I also verified that it was the file as it was published and not something in our system that changed it by doing the following steps.

1) download the nuget package (from the download link on the nuget page).
2) rename it to .zip
3) unzip it
4) Find the file testhost.exe
5) Upload it to virustotal
And I now go the same hash as the detected file.

Image

Here is the version info for Defender if you need it.
Image
@nohwnd
Copy link
Member

nohwnd commented Nov 8, 2024

I've reported this to the responsible team, will keep you updated if I get some info back.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nohwnd @mikaeleliassonbokio