Windows 1.17.5 version detected as Trojan:Win32/Bearfoos.A!ml

[CreativePR]

In Windows version 1.17.5 - Windows Defender now detecting iCloudPD as Trojan:Win32/Bearfoos.A!ml

Previous versions did not have this issue.

[boredazfcuk]

Someone else seeing same issue, with an app they wrote themself:

https://superuser.com/questions/1416678/my-own-backup-program-was-detected-as-win32-bearfoos-aml-virus#1417342

[AndreyNikiforov]

tested with https://www.virustotal.com/gui/file/1df602c6413610c4ae4b92b7d652054a193458eeaee7127a1339d61a106a6e33/detection - looks like two other products detect viruses, but Windows Defender seems to be okay (I assume 'Microsoft" in the report is Windows Defender)...

As a workaround, I can suggest updating Windows Defender.

[CreativePR]

tested with https://www.virustotal.com/gui/file/1df602c6413610c4ae4b92b7d652054a193458eeaee7127a1339d61a106a6e33/detection - looks like two other products detect viruses, but Windows Defender seems to be okay (I assume 'Microsoft" in the report is Windows Defender)...

As a workaround, I can suggest updating Windows Defender.

I'll check it out- thanks

[AndreyNikiforov]

@CreativePR has you solved the issue?

[Lheligh]

@AndreyNikiforov Same issue here - except Windows Defender marking the ZIP as "Trojan:Win32/Wacatac.H!ml" - for both v1.17.5 and the latest 1.18.x

Security Intelligence version is latest at 1.411.423.0

[AndreyNikiforov]

The tool that we use to package icloudpd suggests that false positive detection for trojans is because many trojans are using the same tool for packaging their apps. Reporting the issue as false positive to Win Defender authors or not using Win Defender at all were the two options suggested.

Closing as there is nothing icloudpd can do about that.