2

I wanted to copy from a local publish location of my ASP.NET Core project on a production IIS Server, and Windows Defender detected a Trojan in my main executable file. When I scan this folder on my local machine, Defender does not find any threat.

I made a deployment package in Visual Studio; on my computer there are no threats. The only thing I can refer to is that the ASP.NET Core app creates an EXE that opens HTTP ports. Do I have a real problem, or is Windows Defender not right about my application?

vpetrovic

1 Answer

4

The Win32/Cloxer.D!cl detection is a machine-learning derived signature:

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FCloxer.D!cl&threatid=2147726003

Because of this, it could be flagging on any number of behavioral indicators, including network connections, loaded libraries, or function calls.

While it's possible that your packager or compiler is infected (à la XcodeGhost), it's much more likely that it's a false positive.

Angelo Schilling