On my university-managed computer, Slicer.exe disappeared from the install tree. Windows Defender quarantined the executable due to “potentially unwanted behavior”.
It states that it detected Program:Win32/Beareuws.A!ml, which must be a false positive. I’ve submitted the executable to VirusTotal and nothing was detected (just one bogus engine out of 68 indicated “unsafe” without any more information).
@jcfr You have submitted false positives to Microsoft before. Would you be able to submit this Slicer5 Slicer.exe executable?
Select the Microsoft security product used to scan the file: Microsoft Defender Antivirus (Windows 10)
What do you believe this file is?
Incorrectly detected as PUA (potentially unwanted application)
Detection name: Program:Win32/Beareuws.A!ml
Definition version (recommended):
Unknown
Additional information:
Since the submission form was stripping new lines, I added separator to more clearly identify the paragraph
This corresponds to the statically built launcher (C++/Qt)
we shipped within the windows Slicer distribution available
for download at https://download.slicer.org
##################################
The false detection has been discussed in
(1) https://discourse.slicer.org/t/windows-defender-quarantined-slicer-exe/23613
and
(2) https://discourse.slicer.org/t/windows-security-warning-on-stable/23804
##################################
The binary is built using this GitHub project:
https://github.com/commontk/AppLauncher
##################################
It downloads (see [1]) a pre-built version of Qt that I built and published here:
https://github.com/jcfr/qt-static-build/releases/tag/applauncher-5.11.2-vs2017
##################################
[1] https://github.com/commontk/AppLauncher/blob/c55d1a49844288248f7454624eea416302d895da/appveyor.yml#L36-L39
For me it was the with the latest definition version as of 2022-05-25. I’m not sure if it’s still removes the executable. I’ve tried a manual scan of the Slicer folder and it did not do anything, but maybe because I’ve manually restored the file before.