Windows AV flagging coder-windows-amd64.exe
Hey there, wanted to flag this. Trying out Coder and my antivirus (Windows Defender) is flagging this executable that is downloaded from Coder when first connecting to a workspace from VS Code (under /bin/coder-windows-amd64.exe).
Seems very likely to be a false positive but still possibly a concerning finding. VirusTotal looks a bit more promising for Windows AV, but CAPE sandbox has flagged it as potentially containing malware. https://www.virustotal.com/gui/file/bc9c1189f1c75934acac13271be1637fe8d3322525b23f8047d52964399f595c/behavior
Coder Version: v2.10.0+a7234f6
AV definition version: 1.409.351.0
2 Replies
My best guess is that this is because we currently don't sign our CLI. I had a look through the report you linked, and the things it's flagging as malware-ish are things that we embed into the binary (for example, slim binaries for each platform, agent startup scripts, and so on).
There is an issue tracking Windows binary signing here https://github.com/coder/coder/issues/359 if you want to follow along!
GitHub
Sign Windows CLI · Issue #359 · coder/coder
Acceptance Criteria As a user, I want the Coder CLI on Windows signed because of organization security policy and peace of mind that the CLI is secure. Use osslsignencode to sign the Windows binary...
Solution