❔ Windows Defender false positives my application
after updating from dotnet 6 to 7 my game gets false positived by windows defender both when compiling myself and on the users end(there was a few time where i managed to compile without issues ands send over the files).
i downgraded back to net6 but the issue seems to have persisted. Any clues how to fix this without just adding exceptions into windows defender?
7 Replies
seems like it's a ML based false positive
there really isnt anything i can about this is 
Many security vendors have a false positives appeals link, could look if that one has.
For example: secureage (one of the vendors on the virustotal list) has an appeals process like this:
https://www.secureage.com/support/report-false-positive
though I believe many of them would only change it for that specific version of your application (it's hash) as they dont rly want to change their detection methods. Anyway, 1 hit hardly seems to be an issue, I think its more from Windows Defender's side an issue.
The issue may be linked to defender's analysis of the behaviour of your .dll. Have you tried building it in Release mode by any chance? The virus total only lists some of these actions:
IsDebuggerPresent can be seen as malicious, but in a debug build thats obviously not the case
You should submit the file that is being detected here:
https://www.microsoft.com/en-us/wdsi/filesubmission
Submit a file for malware analysis - Microsoft Security Intelligence
Submit suspected malware or incorrectly detected files for analysis. Submitted files will be added to or removed from antimalware definitions based on the analysis results.
This particular detection has been causing a lot of false positives on .NET programs and there are people on the Defender team looking into how to fix it.
Was this issue resolved? If so, run
/close - otherwise I will mark this as stale and this post will be archived until there is new activity.