mdzk-rs / mdzk

General-purpose interface to connected notes

Home Page: https://mdzk.app


Trojan inside?

eBerdnA opened this issue

I just downloaded the latest release 0.4.1 (mdzk_0.4.1_x86_64-pc-windows-gnu.zip). The download was blocked by the threat protection of Windows 10.

[screenshot]

I'm using the latest Windows 10 build including the latest updates for threat protection.

I also tried downloading release 0.4.0. Same effect.

Any idea why this could be happening?

Hm, this is embarrassing... I guess it could be related to our GitHub Action? I don't have a Windows machine to test it right away, but I'll try to take a look soon. Thanks for your report!

Could be related to your build machine, but I don't know how your build process is set up.
Now I just tested the download on a machine running a Windows 11 preview, which also identified the download as a possible infection risk.

[screenshot]

Could still be a false positive from the Microsoft engine.

I scanned the file with virustotal.com and https://vms.drweb-av.de/online/. Both said that the file does not contain any virus. Therefore I guess it is a false positive from the Microsoft engine. But I can't validate that because I don't have any Windows machine running a different antivirus solution.

This is very weird... I've combed through the build action we are using, and it looks totally legit. We have also tried a few virus scanners, Windows Defender included, and have not managed to replicate the warning.

I'll take down the downloads ASAP, and investigate further before we risk anything. @eBerdnA do you know if you have any other malicious software on your computer that could be trying to hide as mdzk?

Of course, I cannot exclude this 100%, but there are two different computers on which the message was displayed by Windows Defender.

I first came across mdzk today because I was looking for a way to turn Obsidian notes into static HTML. Before today I hadn't done anything with mdzk. Therefore, while it is possible that a virus is trying to impersonate mdzk, I think that should be the case with other downloads as well.
Just to double check that, I downloaded some other binaries for Windows from another project (Hugo), which did not cause any Defender warning.

I also checked whether there was an update for Defender available. There was an update available. Right now this version is active on my machine (Windows 11 preview), which is still causing the trojan warning for mdzk.

[screenshot]

However, I must admit that it is strange that other virus scanners, as I also wrote, do not seem to react.

Therefore, as also written before, I believe that it is a false positive result.

So finally I just used a third PC, running Windows 10 but with the same Defender version. On this PC no warning is issued when I download the binaries for mdzk. Now I'm honestly confused as to which result to believe.
My intention is definitely not to cause unnecessary confusion here.

@eBerdnA thanks for the information! One of us just got the warning in a Windows 10 VM, so this seems to be related to mdzk. We've not discovered the reason yet, but I'm pretty sure this is a false positive, yes.

While we try to get this fixed, are you able to install mdzk with Cargo (cargo install mdzk)? Defender might be more friendly to a locally compiled binary.

Somehow I'm glad this is not only happening on my machine. Even though it doesn't solve this issue.

I just gave cargo a shot and couldn't install mdzk because libquickjs-sys-0.9.0 couldn't be built. I don't know why, but this is another issue which doesn't belong in this issue.

Moreover, I made a submission to Microsoft for a false positive analysis. The procedure is described here: Address false positives/negatives in Microsoft Defender for Endpoint | Microsoft Docs
The final status is still pending. I don't know how long it will take until Microsoft has made a final assessment of the submission.

> I just gave cargo a shot and couldn't install mdzk because libquickjs-sys-0.9.0 couldn't be built. I don't know why, but this is another issue which doesn't belong in this issue.

We are discussing changing the JS engine to avoid this issue, so it might not be a problem in the future.

> Moreover, I made a submission to Microsoft for a false positive analysis. The procedure is described here: Address false positives/negatives in Microsoft Defender for Endpoint | Microsoft Docs
> The final status is still pending. I don't know how long it will take until Microsoft has made a final assessment of the submission.

Thank you for your time reporting this issue!

> I just gave cargo a shot and couldn't install mdzk because libquickjs-sys-0.9.0 couldn't be built. I don't know why, but this is another issue which doesn't belong in this issue.

@eBerdnA really sorry for all these issues, and thanks so much for submitting a false positive to Microsoft 😄 I'll try to rewrite our KaTeX approach temporarily today, so we can remove the quickjs dependency. It has caused nothing but pain for Windows users 😅

You're welcome.
Microsoft finished the analysis and, from my understanding, agreed on this being a false positive. They also provided steps on how to update the signatures manually.

[screenshot]
Just to make it easier for search engines and people finding this, here are the steps/commands from the screenshot.

  1. Open a command prompt as administrator and change directory to C:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -RemoveDefinitions -DynamicSignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"

Unfortunately, I can't test the detection on my system right now because the downloads for Windows have been taken down. 😉
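The three steps Microsoft gave above, as an added PowerShell script that is not part of this thread or of the mdzk project. It checks that the session is elevated (step 1 requires it), runs the two MpCmdRun.exe commands, records the signature version before and after so the update is verifiable rather than assumed, and then re-scans the downloaded archive without remediation to see whether the verdict has changed. $ArchivePath is a hypothetical default path for the downloaded zip; the Defender PowerShell module (Get-MpComputerStatus, Get-MpThreatDetection) is assumed to be present, as it is on Windows 10/11.

```powershell
# Added example; not from the issue thread or the mdzk project.
# Assumptions: $ArchivePath is a hypothetical default; Defender's PowerShell
# module is installed; the script runs in an elevated session.
param(
    [string]$ArchivePath = "$env:USERPROFILE\Downloads\mdzk_0.4.1_x86_64-pc-windows-gnu.zip"
)

$ErrorActionPreference = 'Stop'

# Step 1 of the procedure needs an elevated prompt; fail early if we are not elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]$identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell session.'
}

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

# Snapshot the signature state before touching anything.
$before = Get-MpComputerStatus
'Before: AV signature {0} (updated {1})' -f $before.AntivirusSignatureVersion, $before.AntivirusSignatureLastUpdated

# Step 2: drop the dynamic (cloud-delivered) signatures that carried the stale verdict.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
if ($LASTEXITCODE -ne 0) { throw "RemoveDefinitions failed with exit code $LASTEXITCODE" }

# Step 3: pull the current definition set.
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "SignatureUpdate failed with exit code $LASTEXITCODE" }

$after = Get-MpComputerStatus
'After:  AV signature {0} (updated {1})' -f $after.AntivirusSignatureVersion, $after.AntivirusSignatureLastUpdated

# Re-scan only the archive. -DisableRemediation reports the verdict without quarantining,
# which is what you want when checking whether a suspected false positive is gone.
if (Test-Path $ArchivePath) {
    & $mpCmdRun -Scan -ScanType 3 -File $ArchivePath -DisableRemediation
    # MpCmdRun exit code 0 means nothing found; a non-zero code (2 for a detection) means
    # the file is still flagged and the verdict, not just the cache, needs attention.
    "Scan exit code: $LASTEXITCODE"

    # Any detection Defender has logged for this path, with its threat ID and time.
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match [regex]::Escape($ArchivePath) } |
        Select-Object InitialDetectionTime, ThreatID, Resources
} else {
    "Archive not found at $ArchivePath; skipping the scan."
}
```

The script only clears the locally cached dynamic signatures and fetches new ones; the actual correction happens on Microsoft's side after the false-positive submission is accepted. If the archive is still flagged after the signature version has moved forward, treat that as a live detection to investigate rather than a stale cache.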

> Unfortunately, I can't test the detection on my system right now because the downloads for Windows have been taken down. 😉

I'll ping you as soon as I've got 0.4.2 up and running, and compiled for Windows 👍

@eBerdnA 0.4.2 is out now, and my testing with both Windows Defender (on Windows 10) and VirusTotal threw no warnings. Hopefully, this is the case for everyone...

0.4.2 also doesn't have a dependency on QuickJS, so it should compile completely fine on Windows. Fingers crossed that everything works for you, keep us posted 🤞

I just downloaded the latest release 0.4.2. It did not trigger Windows Defender. 👍🏻
Therefore, this issue can be closed.

I need to test the cargo installation on a different system but will open a separate issue for this topic if the problem still exists.

That's relieving to know! Thanks again for your collaboration on this issue 😄