
Comments (17)

psiinon commented on June 14, 2024

ZAP project lead here.
We do think this is very likely to be a false positive, but we are doing due diligence

from winget-pkgs.

psiinon commented on June 14, 2024

New ZAP FAQ: https://www.zaproxy.org/faq/why-does-my-antivirus-tool-flag-zap/

vikingnope commented on June 14, 2024

> I've had a response from the Microsoft Security Response Center.
> They have confirmed it is a False Positive and that they have rolled out a fix.
> I think this issue can be closed now?

@psiinon, thank you for your cooperation and swift reply. We will be closing this ticket. 🙂

@stephengillie or @ksast can you kindly close this ticket, please.

vikingnope commented on June 14, 2024

I do not think this would be an issue from Winget's end since it is only a package manager which downloads ready-made files from the internet. If you were to download the same file from the website, would the same issue happen?

ksast commented on June 14, 2024

> I do not think this would be an issue from Winget's end since it is only a package manager which downloads ready-made files from the internet. If you were to download the same file from the website, would the same issue happen?

I agree it's not related to the winget software directly, however it's related to a specific package distributed via the package manager's repository. Is there a better channel to address this concern?

To answer the question, yes the same issue happens when downloading the file from https://www.zaproxy.org/download.

vikingnope commented on June 14, 2024

I mean the file downloaded through winget is from GitHub itself

https://github.com/microsoft/winget-pkgs/blob/master/manifests/z/ZAP/ZAP/2.15.0/ZAP.ZAP.installer.yaml

I would recommend trying to check for system updates, maybe this was solved with some security update releases where it becomes excluded since it is a fake detection

Let me see if I can find somewhere to report this

vikingnope commented on June 14, 2024

Maybe look at this: https://www.microsoft.com/en-us/wdsi/filesubmission

ksast commented on June 14, 2024

> I mean the file downloaded through winget is from GitHub itself
>
> https://github.com/microsoft/winget-pkgs/blob/master/manifests/z/ZAP/ZAP/2.15.0/ZAP.ZAP.installer.yaml
>
> I would recommend trying to check for system updates, maybe this was solved with some security update releases where it becomes excluded since it is a fake detection
>
> Let me see if I can find somewhere to report this

I have confirmed that detection signatures are up to date and the file is also detected by a few other security vendors on VirusTotal: https://www.virustotal.com/gui/file/28b348dd65116ddabbbbd98b7f84864a0bb0f98d656266f2f08bfd010ae51c57

How do you conclude that this is a fake detection or false positive?

If not confirmed as a false positive, I would see this as a potential supply chain attack, where a malicious file is distributed via a public package manager's repository. So correct me if I'm wrong, but such packages should not be further distributed until the case has been properly investigated.

vikingnope commented on June 14, 2024

Files are usually scanned thoroughly before being allowed to be approved and posted on winget, but it may be that it is malware (which I highly doubt).

See here: https://github.com/microsoft/winget-pkgs/blob/master/SECURITY.md

vikingnope commented on June 14, 2024

Also see: zaproxy/zaproxy#8488

vikingnope commented on June 14, 2024

I would recommend creating an issue on the zap proxy GitHub and link this issue so that we can keep track of this: https://github.com/zaproxy/zaproxy/issues

ksast commented on June 14, 2024

> I would recommend creating an issue on the zap proxy GitHub and link this issue so that we can keep track of this: https://github.com/zaproxy/zaproxy/issues

I will, thank you.

> Also see: zaproxy/zaproxy#8488

I'm not quite happy with how this was handled. One guy just recommended to report it as false positive without any justification. But maybe that's just me. Thx.

psiinon commented on June 14, 2024

We are sure it is a false positive, as per zaproxy/zaproxy#8491 (comment)
But if anyone has any other evidence we can look at, or any contacts in the Microsoft Defender team, then please let me know.

vikingnope commented on June 14, 2024

@psiinon, maybe you can send an email to the address found in the docs below:

https://github.com/microsoft/winget-pkgs/blob/master/SECURITY.md

psiinon commented on June 14, 2024

@vikingnope I've just done that 😁 I'll also be writing a ZAP FAQ which will explain this situation in more detail...

mdanish-kh commented on June 14, 2024

[Policy] Area-External

psiinon commented on June 14, 2024

I've had a response from the Microsoft Security Response Center.
They have confirmed it is a False Positive and that they have rolled out a fix.
I think this issue can be closed now?
