For the past several months the CrowdStrike Falcon endpoint protection platform has been flagging builds of our WebCopy and Sitemap Creator products as malicious.
A few weeks after this originally started I contacted their support to try and get a solution. Each time, they would check the builds, state they were clean and whitelist that one build. Of course, as soon as our CI server pushed out a new build, they automatically flagged it as malicious again.
It has now been several months and their support doesn't answer emails or provide any reason why they keep flagging the software as malicious. As we are quite certain these are false positives (firstly, every build is sent to VirusTotal for analysis by multiple engines, second, each time we originally contacted them with one of the file hashes they investigated and reported clean) we have decided to add CrowdStrike detections `Win/malicious_confidence_80% (D)` and `Win/malicious_confidence_90% (D)` to an ignore list. Therefore, if one of these is the only detection, the build will be made available for download.
Of course, there are no guarantees and so you should still be cautious when downloading files from the internet.
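The release rule described above can be sketched as a gate over per-engine scan results. This is an added example, not Cyotek's build code. It assumes the results arrive in the shape of the per-engine `last_analysis_results` map of a VirusTotal v3 file report; the function names, the `ExampleAV` engine and the sample reports are constructed, and treating an empty report as a failure is an assumption.

```python
# Added illustration; not Cyotek's build script.
# (engine, exact label) pairs taken from the post. Matching on both fields
# means the same label from another engine, or a different CrowdStrike
# label, still blocks the release.
IGNORED = {
    ("CrowdStrike", "Win/malicious_confidence_80% (D)"),
    ("CrowdStrike", "Win/malicious_confidence_90% (D)"),
}
FLAGGING = {"malicious", "suspicious"}  # categories that count as a detection


def blocking_detections(results):
    """Return sorted (engine, label) pairs that are flagged and not ignored."""
    hits = []
    for engine, verdict in results.items():
        if verdict.get("category") not in FLAGGING:
            continue
        label = verdict.get("result") or ""
        if (engine, label) not in IGNORED:
            hits.append((engine, label))
    return sorted(hits)


def can_publish(results):
    """Publish only when every flagged verdict is on the ignore list."""
    # Assumption: an empty report means the scan did not run, so fail closed.
    return bool(results) and not blocking_detections(results)


# Constructed sample reports; "ExampleAV" is a made-up engine name.
ONLY_IGNORED = {
    "CrowdStrike": {"category": "malicious", "result": "Win/malicious_confidence_80% (D)"},
    "ExampleAV": {"category": "undetected", "result": None},
}
HIGHER_CONFIDENCE = {  # constructed label that is not on the ignore list
    "CrowdStrike": {"category": "malicious", "result": "Win/malicious_confidence_100% (D)"},
}
SECOND_ENGINE = {
    "CrowdStrike": {"category": "malicious", "result": "Win/malicious_confidence_90% (D)"},
    "ExampleAV": {"category": "malicious", "result": "Trojan.Generic"},
}

if __name__ == "__main__":
    for name, report in [("only ignored", ONLY_IGNORED),
                         ("higher confidence", HIGHER_CONFIDENCE),
                         ("second engine", SECOND_ENGINE)]:
        print(name, can_publish(report), blocking_detections(report))
```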
# Piotr Farbiszewski
# Richard Moss