Wincrypt is marked as potential malware during installation via chocolatey

Question

Wincrypt is marked as potential malware during installation via chocolatey

yacoob opened this issue 3 years ago · comments

Not a bug per-se, just wanted to let you know:

PS C:\windows\system32> choco install wincrypt-sshagent
Chocolatey v0.10.15 Professional
Installing the following packages:
wincrypt-sshagent
By installing you accept licenses for the packages.
Progress: Downloading wincrypt-sshagent 1.1.7... 100%

wincrypt-sshagent v1.1.7 [Approved]
wincrypt-sshagent package files install completed. Performing other installation steps.
Downloading wincrypt-sshagent 64 bit
  from 'https://github.com/buptczq/WinCryptSSHAgent/releases/download/v1.1.7/WinCryptSSHAgent.exe'
Using download CDN cache instead of original url.
Progress: 100% - Completed download of 'WinCryptSSHAgent.exe' (4.05 MB).
Download of 'WinCryptSSHAgent.exe' (4.05 MB) completed.
Virus check: 3/70 scan engines flagged this assembly.
 Due to possible false positives we fail at 4 minimum positives.
 Virus scan engine 'Bkav' found potential 'W32.AIDetect.malware1'.
 Virus scan engine 'Cylance' found potential 'Unsafe'.
 Virus scan engine 'APEX' found potential 'Malicious'.
Hashes match.

VirusTotal also shows APEX marking the exe file as suspicious. Probably a false positive... right? :)

BUPTCZQ · Answer 1 · Sun Mar 07 2021 10:27:09 GMT+0800 (China Standard Time)

I think it is a a false positive, WinCryptSSHAgent is built by github action.

Andrew · Answer 2 · Wed Apr 14 2021 08:14:11 GMT+0800 (China Standard Time)

On a somewhat related note, I think Avast Antivirus also marks this as malware.

Lars The · Answer 3 · Sat Oct 02 2021 18:27:46 GMT+0800 (China Standard Time)

And Google Chrome too!