The “WinUtil.Ink” shortcut is detected as “Trojan:Script/Phonzy.B!ml” #2965
Comments
I can confirm I have just received the same automatic quarantine of the "WinUtil.lnk" shortcut detecting it as "Trojan:Script/Phonzy.B!ml" stating "This program is dangerous and executes commands from an attacker."
I can confirm too.
If you use Defender, you will never be able to use PowerShell scripts without a signature. Just switch off real-time protection if you want to use normal software. Defender is your boss now; it says what you can use and what you can't.
I can't have the same issue with Bitdefender. So what I do is I go in and turn Bitdefender off when I'm running the application, script, whatever.
This is not about BitDefender, but about Windows Defender. And yes, you could do the same thing with Windows Defender without any problem, but that's not the point or problem in question.
And what? This thread is for calculating people who can't stop their antivirus. Need denied that people use freeware soft.
I'll remove the shortcut creation and that will fix this flag.
Fixed in latest commit, will go live at the next release.
I have created a discussion with a step-by-step tutorial on adding the Winutil shortcut manually, in a way that replicates the previous (now removed) shortcut.
Describe the bug
Today, Windows Defender said that the shortcut “WinUtil.lnk” was a trojan.
I've had this shortcut for a long time. To create the shortcut, I ran the tool from the “Launch Command - Stable Branch (Recommended)” on the homepage and then clicked the button to create the shortcut on the desktop.
To Reproduce
Steps to reproduce the behavior:
I haven't reproduced the bug. In fact, I haven't even opened the tool for a long time.
I suppose the closest thing to getting the same result is:
“irm 'https://christitus.com/win' | iex” from the home page;
Expected behavior
Not being caught as a Trojan and just existing on the desktop.
Screenshots
(Note: The language below is Portuguese)
Quarantined:
Immediately after quarantine, it was deleted or blocked:
Additional context
I just opened the computer on a normal day and today it decided that the shortcut is a trojan. I didn't do anything special, it just happened. I didn't even open the shortcut.