Windows Defender detects Ubuntu 20.04’s jq package – false positive Trojan:Win32/Casdet!rfn
Date: August 22, 2020
-bash: /usr/bin/jq: cannot execute binary file: Exec format error
(23) Failed writing body
Windows 10 20.04 build 19041.450
Security Intelligence Version 1.321.1943.0
False positive: Windows Defender detects the signed jq binary from the Ubuntu focal repo as Trojan:Win32/Casdet!rfn.
Edit: Several other AV engines also flag it.
Edit 25 Aug 2020: Microsoft accepted the false positive report and “fixed” it in definitions update 1.321.2133.0, which now detects jq as Trojan:Linux/CoinMiner.N!MTB
To be continued…
Edit 2: It is being discussed on GitHub.