Windows Defender flags test assembly as ransomware

[sfreed141]

Cloning (commit cefdc20) and building with no changes results in Renci.SshNet.Tests.dll being flagged as ransomware (Ransom:MSIL/Hasadcrypt.A). Does anyone have an idea what portion of the code could be suspect?

System info: Windows 10 Enterprise version 10.0.19042 Build 19042

[darkoperator]

Could be any of the encryption library or that many of them are loaded at once. I would report it to MS

…

On Dec 2, 2020, at 5:31 PM, Sam Freed ***@***.***> wrote: Cloning (commit cefdc20 <cefdc20>) and building with no changes results in Renci.SshNet.Tests.dll being flagged as ransomware (Ransom:MSIL/Hasadcrypt.A). Does anyone have an idea what portion of the code could be suspect? System info: Windows 10 Enterprise version 10.0.19042 Build 19042 — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#747>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAD7IHTAQKIZZRLSMOVH6LDSS2W2NANCNFSM4ULCHDJA>.

[sfreed141]

Reported to MS. Btw the file that is causing the issue is https://github.com/sshnet/SSH.NET/blob/develop/src/Renci.SshNet.Tests/Classes/PrivateKeyFileTest.cs. If I remove it from the build I can build and run tests fine.

[bad-samaritan]

Unfortunately it's still the case.
Today my Defender flagged Renci.SshNet.Tests.dll as MSIL/Hasadcrypt.A for all targets (.NET Framework and NET Core).
On the other hand this does not seem like a Microsoft Defender only issue - on VirusTotal 16/69 engines flags it as Malicious.

[zybexXL]

Still the same today for me, just for target NET4.0 in Debug profile.

[zybexXL]

Fixed with PR #867

[IgorMilavec]

Duplicate of #737