Which variant of the Monitoring Plugins do you use?
.rpm/.deb package from repo.linuxfabrik.ch
Compiled for Linux (.tar/.zip from download.linuxfabrik.ch)
Compiled for Windows (from download.linuxfabrik.ch)
Source Code from GitHub
Yes, unfortunately for Windows we get this on a regular basis. Be aware that VirusTotal produces a lot of false positives. Many scanners have a 'better safe than sorry' attitude as security is their business. Some scanners will classify legitimate applications as malicious simply because they access the clipboard or get the desktop statistics.
We have also started to report false positives, and some of the scanner vendors act very quickly by correcting their scanners, but this has to be done separately for each scanner, for each check-plugin and with every new version.
The best thing would be to get the executables code-signed - something we're working on, currently clarifying how to get a code-signing certificate for open source projects (see #791).
This issue respects the following points:
Bug description
Our virus detection engine (Trellix) escalates over the Christmas holidays and alerts on every run of the swap-usage check on Windows Server. A file-based virus scan removes the swap-usage.exe file from the server.
I took a look at VirusTotal, and unfortunately there are actually 10 vendors which flagged this check file as malicious. (Link to VirusTotal) A quick look at the repository or included libraries like psutil does not give me any more information about the reason.
Do you have any idea?
Steps to reproduce - Plugin call
'C:\ProgramData\icinga2\usr\lib64\nagios\plugins\swap-usage.exe' '--critical' '100' '--warning' '99'
Steps to reproduce - Data
No response
Environment
Windows Server 2019 - 2022
Trellix ENS
Plugin Version
swap-usage.exe: v2024033101 by Linuxfabrik GmbH, Zurich/Switzerland
Python version
No response
List of Python modules
No response
Additional Information
No response