Detected as Virus/Trojan by Microsoft Defender when installed from VS code about vscode-go HOT 12 CLOSED

We are going to release v0.41.1 tomorrow. The version disables vscgo invocation on windows.

Release candidate - https://github.com/golang/vscode-go/releases/tag/v0.41.1-rc.1

#3186 is the issue to revise the release workflow and reenable vscgo.
Thanks for reporting and investigating this issue.

from vscode-go.

This is a false positive. This is https://github.com/golang/vscode-go/blob/master/vscgo/main.go
and also see https://go.dev/doc/faq#virus.

Question for windows users: An alternative I am thinking is to package a precompiled binary with the extension, instead of letting the extension install the binary using go install when getting activated. But it is unclear to me if that's sufficient to make those virus scanners silent. As far as I know other extensions also bundle go binaries, for example GH copilot or google cloud code. Have the virus scanners complained them?

from vscode-go.

Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.405.308.0) fix this issue, so it really looks like false positive.

From the beginning I thought it was more likely an M$ problem. Anyway it would be nice if the golang developer team and M$ both collaborated to avoid false positives without compromising the security of the system.

from vscode-go.

@hyangah ,

thanks for quick response. I think everyone here was suspecting false positive, but we needed someone to check and confirm :)

But it is unclear to me if that's sufficient to make those virus scanners silent

Not sure either - most likely the presence/use of binary is the trigger, not the way it was delivered...

from vscode-go.

I just got the same...

from vscode-go.

Same here

from vscode-go.

I've updated the MSAV, and the problem remains. Does this file presents real threat or it's a false positive?

from vscode-go.

I'm getting this, which I guess is related. However, I don't know if its due to some corporate policy:

from vscode-go.

Question for windows users: An alternative I am thinking is to package a precompiled binary with the extension, instead of letting the extension install the binary using go install when getting activated. But it is unclear to me if that's sufficient to make those virus scanners silent.

This will help lowering the chances of false positive. MS Defender don't like applications that install software without user interaction.

from vscode-go.

Question for windows users: An alternative I am thinking is to package a precompiled binary with the extension

This, coupled with signing the binary with a code signing certificate, would be the best bet: most anti-malware solutions attach reputation to both the file hash (which will vary by release) and the certificate used to sign it (which will vary much more rarely), so code signing any PEs is a really good way of avoiding reputation-based false positives.

(Sadly it does come with a financial cost for the certificate, though - there's no equivalent of Let's Encrypt for code signing certs - yet!)

from vscode-go.

Change https://go.dev/cl/565679 mentions this issue: extension/src/goMain: skip vscgo installation on windows

from vscode-go.

Change https://go.dev/cl/565680 mentions this issue: [release] extension/src/goMain: skip vscgo installation on windows

from vscode-go.