Windows Defender quarantined Slicer.exe

On my university-managed computer, Slicer.exe disappeared from the install tree. Windows Defender quarantined the executable due to “potentially unwanted behavior”.

image

It states that it detected Program:Win32/Beareuws.A!ml, which must be a false positive. I’ve submitted the executable to VirusTotal and nothing was detected (just one bogus engine out of 68 indicated “unsafe” without any more information).

@jcfr You have submitted false positives to Microsoft before. Would you be able to submit this Slicer5 Slicer.exe executable?

You have submitted false positives to Microsoft before. Would you be able to submit this Slicer5 Slicer.exe executable?

I will engage with our security team and follow up.

1 Like

The file has been submitted for analysis.

This was done following instructions published at Address false positives/negatives in Microsoft Defender for Endpoint - Microsoft Defender for Endpoint | Microsoft Learn

Results (as of 2022.06.10)

Submitted information

The following information were provided:

  • Select the Microsoft security product used to scan the file:
    Microsoft Defender Antivirus (Windows 10)

  • What do you believe this file is?
    Incorrectly detected as PUA (potentially unwanted application)

  • Detection name: Program:Win32/Beareuws.A!ml

  • Definition version (recommended):
    Unknown

  • Additional information:

    Since the submission form was stripping new lines, I added separator to more clearly identify the paragraph

    This corresponds to the statically built launcher (C++/Qt)
    we shipped within the windows Slicer distribution available
    for download at https://download.slicer.org
      
    ##################################
    The false detection has been discussed in 
    (1) https://discourse.slicer.org/t/windows-defender-quarantined-slicer-exe/23613 
    and
    (2) https://discourse.slicer.org/t/windows-security-warning-on-stable/23804
      
    ##################################
    The binary is built using this GitHub project:
    https://github.com/commontk/AppLauncher
      
    ##################################
    It downloads (see [1]) a pre-built version of Qt that I built and published here:
    https://github.com/jcfr/qt-static-build/releases/tag/applauncher-5.11.2-vs2017
      
    ##################################
    [1] https://github.com/commontk/AppLauncher/blob/c55d1a49844288248f7454624eea416302d895da/appveyor.yml#L36-L39
    
1 Like

@muratmaga @lassoan Do you have more details regarding this ?

For me it was the with the latest definition version as of 2022-05-25. I’m not sure if it’s still removes the executable. I’ve tried a manual scan of the Slicer folder and it did not do anything, but maybe because I’ve manually restored the file before.