For the past several months the CrowdStrike Falcon endpoint protection platform has been flagging builds of our WebCopy and Sitemap Creator products as malicious.
A few weeks after this originally started I contacted their support to try and get a solution. Each time, they would check the builds, state they were clean and whitelist that one build. Of course, as soon as our CI server pushed out a new build, they automatically flagged it as malicious again.
It has now been several months and their support doesn't answer emails or provide any reason why they keep flagging the software as malicious. As we are quite certain these are false positives (firstly, every build is sent to VirusTotal for analysis by multiple engines, second, each time we originally contacted them with one of the file hashes they investigated and reported clean) we have decided to add CrowdStrike detections Win/malicious_confidence_80% (D) and Win/malicious_confidence_90% (D) to an ignore list. Therefore, if one of these is the only detection, the build will be made available for download.
Of course, there are no guarantees and so you should still be cautious when downloading files from the internet.
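The release rule described above, sketched as an added example (not Cyotek's actual CI code). The field names `category` and `result` are modelled on a VirusTotal per-engine analysis result; the engine key `CrowdStrike`, the engine `ExampleAV` and all sample data are assumptions constructed for illustration.

```python
# Added example: release gate with a narrowly scoped ignore list.
# Entries are exact (engine, label) pairs, so a different label from the
# same engine, or any detection from another engine, still blocks the build.
IGNORED = {
    ("CrowdStrike", "Win/malicious_confidence_80% (D)"),
    ("CrowdStrike", "Win/malicious_confidence_90% (D)"),
}

def blocking_detections(results, ignored=IGNORED):
    """Return sorted [(engine, label)] detections not covered by the ignore list."""
    # Compare case-insensitively: label casing can differ between reports.
    ignored_ci = {(e.lower(), l.lower()) for e, l in ignored}
    blocking = []
    for engine, verdict in sorted(results.items()):
        if verdict.get("category") not in ("malicious", "suspicious"):
            continue  # undetected, timeout, unsupported file type, etc.
        label = verdict.get("result") or ""
        if (engine.lower(), label.lower()) not in ignored_ci:
            blocking.append((engine, label))
    return blocking

def may_publish(results, ignored=IGNORED):
    """A build is published only when no non-ignored detection remains."""
    return not blocking_detections(results, ignored)

# Constructed sample scan results (not real reports).
ONLY_IGNORED = {
    "CrowdStrike": {"category": "malicious",
                    "result": "win/malicious_confidence_80% (D)"},
    "ExampleAV": {"category": "undetected", "result": None},
}
SECOND_ENGINE = {
    "CrowdStrike": {"category": "malicious",
                    "result": "Win/malicious_confidence_90% (D)"},
    "ExampleAV": {"category": "malicious", "result": "Trojan.Generic"},
}
OTHER_LABEL = {
    "CrowdStrike": {"category": "malicious",
                    "result": "Win/malicious_confidence_100% (W)"},
}

if __name__ == "__main__":
    for name, scan in [("only ignored", ONLY_IGNORED),
                       ("second engine", SECOND_ENGINE),
                       ("other label", OTHER_LABEL)]:
        print(name, may_publish(scan), blocking_detections(scan))
```

Keying the ignore list on the exact engine and label pair, rather than on the engine alone, keeps the exception limited to the two detections named in the post.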
All content Copyright (c) by Cyotek Ltd or its respective writers. Permission to reproduce news and web log entries and other RSS feed content in unmodified form without notice is granted provided they are not used to endorse or promote any products or opinions (other than what was expressed by the author) and without taking them out of context. Written permission from the copyright owner must be obtained for everything else.
Original URL of this content is https://www.cyotek.com/blog/products/crowdstrike-falcon-false-positives?source=rss.