CrowdStrike Falcon False Positives

For the past several months the CrowdStrike Falcon endpoint protection platform has been flagging builds of our WebCopy and Sitemap Creator products as malicious.

A few weeks after this originally started I contacted their support to try to get a solution. Each time, they would check the build, state that it was clean and whitelist that one build. Of course, as soon as our CI server pushed out a new build, it was automatically flagged as malicious again.

It has now been several months, and their support no longer answers emails or gives any reason why the software keeps being flagged as malicious. We are confident these are false positives: every build is submitted to VirusTotal for analysis by multiple engines, and each time we sent CrowdStrike one of the file hashes they investigated it and reported it clean. We have therefore added the CrowdStrike detections Win/malicious_confidence_80% (D) and Win/malicious_confidence_90% (D) to an ignore list. If one of these is the only detection reported for a build, the build is made available for download; any other detection still blocks the release.
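
The release gate described above, as an added example that is not Cyotek's own build tooling: the script reads a VirusTotal-style report, drops the two ignored CrowdStrike verdicts, and publishes only if no detection remains. The report layout follows VirusTotal API v3 last_analysis_results (engine name mapped to a category and a result string), the engine name "CrowdStrike" and all sample verdicts are assumptions, and the reports are constructed inline rather than fetched.

```python
"""Release gate: publish a build only when every detection in its VirusTotal
report is on the ignore list. Added example, not Cyotek's release tooling.
Assumptions: the report mirrors VirusTotal API v3 ``last_analysis_results``
(engine name -> {"category": ..., "result": ...}) and CrowdStrike appears
under the engine name "CrowdStrike". Sample reports below are constructed."""

# Detections treated as known false positives. Matching is exact on the
# (engine, detection name) pair, so a differently named verdict from the
# same engine still blocks the release.
IGNORED_DETECTIONS = {
    ("CrowdStrike", "Win/malicious_confidence_80% (D)"),
    ("CrowdStrike", "Win/malicious_confidence_90% (D)"),
}

# Categories that count as a verdict against the file. "undetected",
# "harmless", "type-unsupported" and "timeout" do not.
DETECTION_CATEGORIES = {"malicious", "suspicious"}


def detections(report):
    """Return the set of (engine, result) pairs for engines that flagged the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {
        (engine, entry.get("result") or "")
        for engine, entry in results.items()
        if entry.get("category") in DETECTION_CATEGORIES
    }


def release_decision(report, ignored=IGNORED_DETECTIONS):
    """Decide whether a build may be published.

    Returns (publish, blocking): ``blocking`` lists detections not on the
    ignore list, sorted for stable output. A file with no detections at all
    passes too, so the gate never requires an ignored verdict to be present.
    """
    blocking = sorted(detections(report) - ignored)
    return (not blocking, blocking)


def _report(verdicts):
    """Build a minimal v3-shaped report from {engine: (category, result)}.
    Constructed sample data, not real VirusTotal output."""
    return {"data": {"attributes": {"last_analysis_results": {
        engine: {"engine_name": engine, "category": cat, "result": res}
        for engine, (cat, res) in verdicts.items()}}}}


# CrowdStrike is the only engine flagging the file: published.
ONLY_CROWDSTRIKE = _report({
    "CrowdStrike": ("malicious", "Win/malicious_confidence_90% (D)"),
    "Microsoft": ("undetected", None),
    "Kaspersky": ("undetected", None),
})

# A second engine also flags the file (hypothetical verdict name): blocked.
TWO_ENGINES = _report({
    "CrowdStrike": ("malicious", "Win/malicious_confidence_80% (D)"),
    "Microsoft": ("malicious", "Example.Detection"),
    "Kaspersky": ("undetected", None),
})

# CrowdStrike verdict with a name not on the ignore list (hypothetical
# name for illustration): blocked, because matching is exact.
NEW_NAME = _report({
    "CrowdStrike": ("malicious", "Win/malicious_confidence_100% (D)"),
})

if __name__ == "__main__":
    for name, rep in [("only CrowdStrike", ONLY_CROWDSTRIKE),
                      ("two engines", TWO_ENGINES),
                      ("new CrowdStrike name", NEW_NAME)]:
        publish, blocking = release_decision(rep)
        print(f"{name}: publish={publish} blocking={blocking}")
```

The exact-match rule is deliberate: widening the ignore list to "anything from CrowdStrike" would also suppress a genuine detection that happened to carry a different name, whereas this gate only suppresses the two verdicts the support investigations covered.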

Of course, there are no guarantees: an ignore list keyed on a detection name suppresses that detection whether or not it is correct, and the other engines on VirusTotal are the only remaining check, so you should still be cautious when downloading files from the internet.
