Windows Defender detects Ubuntu 20.04’s jq package – false positive Trojan:Win32/Casdet!rfn

Categories: Security, Ubuntu

-bash: /usr/bin/jq: cannot execute binary file: Exec format error
(23) Failed writing body

Windows 10 20.04 build 19041.450

Security Intelligence Version 1.321.1943.0

False positive: Windows Defender detects the signed jq binary from the Ubuntu focal repo as Trojan:Win32/Casdet!rfn.

Edit: Several other AV Engines also hit on it.

Edit 25 Aug 2020: Microsoft accepted the false positive report and “fixed” it in definitions update 1.321.2133.0, which now detects jq as Trojan:Linux/CoinMiner.N!MTB

To be continued…

Edit 2: It is being discussed on GitHub

