Windows Defender quarantined Slicer.exe

On my university-managed computer, Slicer.exe disappeared from the install tree. Windows Defender quarantined the executable due to “potentially unwanted behavior”.

It states that it detected Program:Win32/Beareuws.A!ml, which must be a false positive. I’ve submitted the executable to VirusTotal and nothing was detected (just one bogus engine out of 68 indicated “unsafe” without any more information).

@jcfr You have submitted false positives to Microsoft before. Would you be able to submit this Slicer5 Slicer.exe executable?

> You have submitted false positives to Microsoft before. Would you be able to submit this Slicer5 Slicer.exe executable?

I will engage with our security team and follow up.

The file has been submitted for analysis.

This was done following the instructions published at "Address false positives/negatives in Microsoft Defender for Endpoint" (Microsoft Learn).

Results (as of 2022.06.10)

Submitted information

The following information was provided:

  • Select the Microsoft security product used to scan the file:
    Microsoft Defender Antivirus (Windows 10)

  • What do you believe this file is?
    Incorrectly detected as PUA (potentially unwanted application)

  • Detection name: Program:Win32/Beareuws.A!ml

  • Definition version (recommended):
    Unknown

  • Additional information:

    Since the submission form was stripping new lines, I added separators to more clearly identify the paragraphs

    This corresponds to the statically built launcher (C++/Qt)
    we shipped within the windows Slicer distribution available
    for download at https://download.slicer.org
      
    ##################################
    The false detection has been discussed in 
    (1) https://discourse.slicer.org/t/windows-defender-quarantined-slicer-exe/23613 
    and
    (2) https://discourse.slicer.org/t/windows-security-warning-on-stable/23804
      
    ##################################
    The binary is built using this GitHub project:
    https://github.com/commontk/AppLauncher
      
    ##################################
    It downloads (see [1]) a pre-built version of Qt that I built and published here:
    https://github.com/jcfr/qt-static-build/releases/tag/applauncher-5.11.2-vs2017
      
    ##################################
    [1] https://github.com/commontk/AppLauncher/blob/c55d1a49844288248f7454624eea416302d895da/appveyor.yml#L36-L39
    
@muratmaga @lassoan Do you have more details regarding this?

For me it was with the latest definition version as of 2022-05-25. I’m not sure if it still removes the executable. I’ve tried a manual scan of the Slicer folder and it did not do anything, but maybe because I’ve manually restored the file before.