rtk-ai/rtk

Windows Defender flags v0.39.0 Windows asset as Trojan:Win32/Bearfoos.B!ml

Open

#1,782 opened on May 8, 2026

View on GitHub
 (1 comment) (1 reaction) (0 assignees)Rust (2,914 forks)batch import
area:securitybughelp wantedplatform:windowspriority:high

Repository metrics

Stars
 (48,085 stars)
PR merge metrics
 (Avg merge 11d 1h) (45 merged PRs in 30d)

Description

Summary

Microsoft Defender Antivirus flags the official v0.39.0 Windows release asset as Trojan:Win32/Bearfoos.B!ml.

Affected asset

Defender detection

  • Detection: Trojan:Win32/Bearfoos.B!ml
  • Threat ID: 2147731849
  • Severity: Severe
  • Category: Trojan
  • Defender security intelligence: AV/AS/NIS 1.449.506.0
  • Engine: 1.1.26030.3008
  • Action: Quarantine
  • DidThreatExecute: False
  • First detection: 2026-05-08 03:26:34 local time
  • Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Affected local paths

  • C:\Users\Arthur A. Martins\.local\bin\rtk.exe
  • C:\Users\Arthur A. Martins\AppData\Local\Temp\rtk-18614f5410514dccac17eceb1d8b6902\rtk.exe

Notes

The local ZIP hash matches the official GitHub release asset digest, so this does not look like local tampering of the downloaded archive. Defender blocks the extracted executable when attempting to hash or inspect it.

I am also submitting the file/hash to Microsoft Security Intelligence as a likely false positive.

Related prior reports: #1633, #1749.

Contributor guide