Visual Studio 2022 generates virus?

Question

Visual Studio 2022 generates virus?

Michael Frandsen 16

I was just now following a tutorial and asked to run my code.
The execution failed because it did not have access to the file, and my virus scanner then reported the file had been quarantined as it detected Gen:Variant.Cerbu.123013
Anyone else experiencing this behavior?

Jack J Jun 25,296 Reputation points

2021-12-22T07:53:49.883+00:00

@Michael Frandsen , what is your tutorial? Can you provide the link or code example?
Michael Frandsen 16 Reputation points

2021-12-22T10:56:51.85+00:00
The tutorial is the matching game from headfirst c# and no code was added just yet other than an empty method. In fact, it compiles if switched to release and can run with no problem, so my guess is that some of the debug code triggers the scanner.

namespace MatchGame
{
/// <summary>
/// Interaction logic for MainWindow.xaml
/// </summary>
public partial class MainWindow : Window
{
public MainWindow()
{
InitializeComponent();
SetUpGame();
}

private void SetUpGame() { throw new NotImplementedException(); } }

}
Ken Tucker 5,861 Reputation points

2021-12-22T11:17:17.557+00:00

@Michael Frandsen What antivirus do you use?
Michael Frandsen 16 Reputation points

2021-12-22T11:21:04.653+00:00

Chili Security, but regardless any scanner should not catch an empty shell application.
Viorel 122.6K Reputation points

2021-12-22T11:41:08.93+00:00

Maybe you can consider it a problem of the scanner and ask the manufacturer for support.
Michael Frandsen 16 Reputation points

2021-12-22T11:43:07.477+00:00

lol yea push the problem around :D
Thought Id ask here since I can remove the problem by switching around the solution in Visual Studio. It generates the problem not the scanner.
Easier fix is uninstalling the scanner (BAD solution)
Michael Frandsen 16 Reputation points

2021-12-22T11:49:15.757+00:00

pardon me but its kinda annoying that the first response is always "it's the others problem"
I thought perhaps Microsoft would be glad that someone points out that some of the auto-generated code may be seen as hazardous. I am well aware that not all detections are, but still.
Lex Li 6,037 Reputation points Microsoft Employee

2021-12-22T15:46:22.29+00:00

Nowadays antivirus vendors (not only the one you use) seem to favor bundling their immature machine learning based detection algorithms, which introduces tons of false positives (not only your case). Like it or not, the feasible solution is not Microsoft fixes everything, but you move away from an irresponsible antivirus vendor that creates the noise. There are millions of developers working on Visual Studio so if the things are as "hazardous" as you assumed, you won't be the first to report it.
Michael Frandsen 16 Reputation points

2021-12-22T16:10:56.163+00:00

I now completely reinstalled VS-2022 and do not run into the same problem.
However, I have not installed the "ML.NET Model Builder 2022" update that is notified and will not do so as this could be the root cause.
Michael Frandsen 16 Reputation points

2021-12-22T17:27:25.21+00:00

Sorry for reporting, Won't happen again. I was not trying to offend anyone.
Then you certainly call very respected antivirus vendors irresponsible too as I see this in many places.
Lastly, I did not assume it was hazardous but the scanner was the one excluding it. As stated above, I did not install the latest update of ML.NET Model Builder 2022, and the problem was gone. Use the info or not but I guess Microsoft is always correct
Ken Tucker 5,861 Reputation points

2021-12-22T22:21:26.577+00:00

I have seen some recommendations about excluding your project folder from your virus scanner to speed up builds. I would also contact Chili Security about why it thinks your app is a virus
Michael Frandsen 16 Reputation points

2021-12-23T07:40:38.613+00:00

That argument I can accept on why to disable. It makes sense to disable scanners for this reason on large applications.
The thing is though that I did not even write any code. A colleague has experienced also that an application was suddenly not able to build without adding code (in VS C++) to see if it was in fact an update of Visual Studio that caused this. I was able to find that the already mentioned update caused it.
If thinking about the responses about having millions of users and hence not being a Microsoft problem, would those users not want to know that anything distributed to billions of customers, does not potentially detect as harmful software? And if it then does, would they not start using examining their own code and spend countless hours not finding the cause?
Having been a test engineer for nearly 3 decades, I always start looking into my own work first before looking elsewhere. So it puzzles me why Microsoft engineers will not take the finding and use the feedback. Everyone knows that software is prone to mistakes, even Microsoft software despite the statements of being flawless.
Is it a big task to test software in this regard? yes, but that is the thing of having billions of users that there are billions of configurations possible.
Lex Li 6,037 Reputation points Microsoft Employee

2021-12-23T07:51:02.03+00:00

"why Microsoft engineers will not take the finding and use the feedback" sounds rather strange to me. Your feedback though valuable in some degree only indicates a false positive of a virus scanner that isn't even famous world wide, so why should it be treated as kind of top priority?

What makes you feel that Microsoft doesn't have a strict policy internally to scan their binaries against a variety of famous and main stream antivirus software before shipping to customers (and many of such are big enterprises and governments which mandate Microsoft to meet the highest standards)?

If you really worked as a test engineer for nearly 3 decades, I assume those are the basic facts you can imagine.
Michael Frandsen 16 Reputation points

2021-12-23T08:07:55.11+00:00

I never asked for top priority, but I know this is seen more worldwide (USA is worldwide I guess) used scanners too.
I already found my answer and will NOT install the update that triggers a scanner. All I say is that other scanners may be triggered too (which I stated more than once that I have seen)

Whether you believe me or not in being a test engineer for nearly 3 decades, is up to you. I found my answer, tried to let you know there is potentially a problem in the update, so use it or not. I don't give a ****.
Michael Frandsen 16 Reputation points

2021-12-23T09:05:53.883+00:00

NB: "distributed to billions of users" means the applications built using VS 2022 and not Microsoft distributed SW. Just so you read it as intended!
Michael Frandsen 16 Reputation points

2021-12-23T10:07:46.11+00:00

In case you think I only ride one horse, I can now inform you that Chili Security is using BitDefender in their solution which is quite known!

packonet 1

I have the same problem

Windows 10 Pro, Bitdefender .. update 22/12/2022

My code:

using System;

namespace delegadosPredicados
{
class Program
{ // Creacíón del objetoDelegado (ElDelegado) apuntando a Bienvenida
static void Main(string[] args)
{
List<int> listaNumeros = new List<int>();
listaNumeros.AddRange(new int[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 });

        // Declaración de delegado predicado  
        Predicate<int> delegadoPred = new Predicate<int>(DamePares);  

        // Creamos la lista que devuelve (la de los números pares)  
        List<int> numPares = listaNumeros.FindAll(delegadoPred);  

        foreach (int num in numPares)  
        {  
            Console.WriteLine(num);  
        }  
    }  
    static bool DamePares(int num)  
    {  
        if (num % 2 == 0) return true;  
        else return false;  
    }  
}

}

3 answers

Your answer

Jack J Jun 25,296 Reputation points

2021-12-22T07:53:49.883+00:00

@Michael Frandsen , what is your tutorial? Can you provide the link or code example?
Michael Frandsen 16 Reputation points

2021-12-22T10:56:51.85+00:00

The tutorial is the matching game from headfirst c# and no code was added just yet other than an empty method. In fact, it compiles if switched to release and can run with no problem, so my guess is that some of the debug code triggers the scanner.

namespace MatchGame
{
/// <summary>
/// Interaction logic for MainWindow.xaml
/// </summary>
public partial class MainWindow : Window
{
public MainWindow()
{
InitializeComponent();
SetUpGame();
}

private void SetUpGame() { throw new NotImplementedException(); } }

}
Ken Tucker 5,861 Reputation points

2021-12-22T11:17:17.557+00:00

@Michael Frandsen What antivirus do you use?
Michael Frandsen 16 Reputation points

2021-12-22T11:21:04.653+00:00

Chili Security, but regardless any scanner should not catch an empty shell application.
Viorel 122.6K Reputation points

2021-12-22T11:41:08.93+00:00

Maybe you can consider it a problem of the scanner and ask the manufacturer for support.
Michael Frandsen 16 Reputation points

2021-12-22T11:43:07.477+00:00

lol yea push the problem around :D
Thought Id ask here since I can remove the problem by switching around the solution in Visual Studio. It generates the problem not the scanner.
Easier fix is uninstalling the scanner (BAD solution)
Michael Frandsen 16 Reputation points

2021-12-22T11:49:15.757+00:00

pardon me but its kinda annoying that the first response is always "it's the others problem"
I thought perhaps Microsoft would be glad that someone points out that some of the auto-generated code may be seen as hazardous. I am well aware that not all detections are, but still.
Lex Li 6,037 Reputation points Microsoft Employee

2021-12-22T15:46:22.29+00:00

Nowadays antivirus vendors (not only the one you use) seem to favor bundling their immature machine learning based detection algorithms, which introduces tons of false positives (not only your case). Like it or not, the feasible solution is not Microsoft fixes everything, but you move away from an irresponsible antivirus vendor that creates the noise. There are millions of developers working on Visual Studio so if the things are as "hazardous" as you assumed, you won't be the first to report it.
Michael Frandsen 16 Reputation points

2021-12-22T16:10:56.163+00:00

I now completely reinstalled VS-2022 and do not run into the same problem.
However, I have not installed the "ML.NET Model Builder 2022" update that is notified and will not do so as this could be the root cause.
Michael Frandsen 16 Reputation points

2021-12-22T17:27:25.21+00:00

Sorry for reporting, Won't happen again. I was not trying to offend anyone.
Then you certainly call very respected antivirus vendors irresponsible too as I see this in many places.
Lastly, I did not assume it was hazardous but the scanner was the one excluding it. As stated above, I did not install the latest update of ML.NET Model Builder 2022, and the problem was gone. Use the info or not but I guess Microsoft is always correct
Ken Tucker 5,861 Reputation points

2021-12-22T22:21:26.577+00:00

I have seen some recommendations about excluding your project folder from your virus scanner to speed up builds. I would also contact Chili Security about why it thinks your app is a virus
Michael Frandsen 16 Reputation points

2021-12-23T07:40:38.613+00:00

That argument I can accept on why to disable. It makes sense to disable scanners for this reason on large applications.
The thing is though that I did not even write any code. A colleague has experienced also that an application was suddenly not able to build without adding code (in VS C++) to see if it was in fact an update of Visual Studio that caused this. I was able to find that the already mentioned update caused it.
If thinking about the responses about having millions of users and hence not being a Microsoft problem, would those users not want to know that anything distributed to billions of customers, does not potentially detect as harmful software? And if it then does, would they not start using examining their own code and spend countless hours not finding the cause?
Having been a test engineer for nearly 3 decades, I always start looking into my own work first before looking elsewhere. So it puzzles me why Microsoft engineers will not take the finding and use the feedback. Everyone knows that software is prone to mistakes, even Microsoft software despite the statements of being flawless.
Is it a big task to test software in this regard? yes, but that is the thing of having billions of users that there are billions of configurations possible.
Lex Li 6,037 Reputation points Microsoft Employee

2021-12-23T07:51:02.03+00:00

"why Microsoft engineers will not take the finding and use the feedback" sounds rather strange to me. Your feedback though valuable in some degree only indicates a false positive of a virus scanner that isn't even famous world wide, so why should it be treated as kind of top priority?

What makes you feel that Microsoft doesn't have a strict policy internally to scan their binaries against a variety of famous and main stream antivirus software before shipping to customers (and many of such are big enterprises and governments which mandate Microsoft to meet the highest standards)?

If you really worked as a test engineer for nearly 3 decades, I assume those are the basic facts you can imagine.
Michael Frandsen 16 Reputation points

2021-12-23T08:07:55.11+00:00

I never asked for top priority, but I know this is seen more worldwide (USA is worldwide I guess) used scanners too.
I already found my answer and will NOT install the update that triggers a scanner. All I say is that other scanners may be triggered too (which I stated more than once that I have seen)

Whether you believe me or not in being a test engineer for nearly 3 decades, is up to you. I found my answer, tried to let you know there is potentially a problem in the update, so use it or not. I don't give a ****.
Michael Frandsen 16 Reputation points

2021-12-23T09:05:53.883+00:00

NB: "distributed to billions of users" means the applications built using VS 2022 and not Microsoft distributed SW. Just so you read it as intended!
Michael Frandsen 16 Reputation points

2021-12-23T10:07:46.11+00:00

In case you think I only ride one horse, I can now inform you that Chili Security is using BitDefender in their solution which is quite known!
packonet 1 Reputation point

2022-12-22T14:39:02.903+00:00

I have the same problem

Windows 10 Pro, Bitdefender .. update 22/12/2022

My code:

using System;

namespace delegadosPredicados
{
class Program
{ // Creacíón del objetoDelegado (ElDelegado) apuntando a Bienvenida
static void Main(string[] args)
{
List<int> listaNumeros = new List<int>();
listaNumeros.AddRange(new int[] { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 });

// Declaración de delegado predicado Predicate<int> delegadoPred = new Predicate<int>(DamePares); // Creamos la lista que devuelve (la de los números pares) List<int> numPares = listaNumeros.FindAll(delegadoPred); foreach (int num in numPares) { Console.WriteLine(num); } } static bool DamePares(int num) { if (num % 2 == 0) return true; else return false; } }

}

Answer 1

Karen Payne MVP 35,586 Volunteer Moderator

Any anti-virus software that is reputable has one or more exclusion list which in your case (no knowledge of Chili Security) should be able to excluded the folder for your executable under the debug folder which includes the executables and also should be able to grant access to the any other resource via Chili Security or Active Directory. And if by chance running AD under an organization you may need to work with their engineers.

And as mentioned by @Anonymous Visual Studio is used by countless developers thus not a Visual Studio issue.

Michael Frandsen 16 Reputation points

2021-12-22T17:18:10.693+00:00

I am fully aware of this but as I commented above, the solution was not to install the update and it is no longer detected as a virus.
Disregarding by use of exclusion is for me always the last resort. Also that there are many users, do not exclude there may be mistakes in the software, sorry.

Answer 2

Michael Frandsen 16

Not installing the update "ML.NET Model Builder 2022" and it was not detected as a threat.

Answer 3

I had the same problem, however when updating a project with VS2022, originally done in VS2015 and using VB. After compiling and taking the executable to the installation folder, a few seconds after replacing the old executable, Windows Defender detected a virus (Win32/Nuqel!pz), removed it from the run folder and quarantined it. My client, who needed to use the new version, had to put the executable as an exception, which is a reduced security condition.

After a few hours of research and testing, I came up with a solution: I selected Sign Assembly and then chose a strong-named key file. I recompiled it and there was no more problem.

Prior to this, as soon as I put the project into VS2022, I selected Sign ClickOnce manifests and created a valid certificate. But this was not enough.

Share via

Visual Studio 2022 generates virus?

3 answers

Your answer