rtk-ai/rtk

Windows Defender flags v0.39.0 Windows asset as Trojan:Win32/Bearfoos.B!ml

Open

#1.782 geöffnet am 8. Mai 2026

Auf GitHub ansehen
 (1 Kommentar) (1 Reaktion) (0 zugewiesene Personen)Rust (2.914 Forks)batch import
area:securitybughelp wantedplatform:windowspriority:high

Repository-Metriken

Stars
 (48.085 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 11T 1h) (45 gemergte PRs in 30 T)

Beschreibung

Summary

Microsoft Defender Antivirus flags the official v0.39.0 Windows release asset as Trojan:Win32/Bearfoos.B!ml.

Affected asset

Defender detection

  • Detection: Trojan:Win32/Bearfoos.B!ml
  • Threat ID: 2147731849
  • Severity: Severe
  • Category: Trojan
  • Defender security intelligence: AV/AS/NIS 1.449.506.0
  • Engine: 1.1.26030.3008
  • Action: Quarantine
  • DidThreatExecute: False
  • First detection: 2026-05-08 03:26:34 local time
  • Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Affected local paths

  • C:\Users\Arthur A. Martins\.local\bin\rtk.exe
  • C:\Users\Arthur A. Martins\AppData\Local\Temp\rtk-18614f5410514dccac17eceb1d8b6902\rtk.exe

Notes

The local ZIP hash matches the official GitHub release asset digest, so this does not look like local tampering of the downloaded archive. Defender blocks the extracted executable when attempting to hash or inspect it.

I am also submitting the file/hash to Microsoft Security Intelligence as a likely false positive.

Related prior reports: #1633, #1749.

Contributor Guide