nebula: 🐛 BUG: Windows Defender false positive reports for Nebula

What version of nebula are you using?

1.7.2

What operating system are you using?

Windows 10

Describe the Bug

This is a security issue, but I can’t report it on HackerOne.

After downloading the Windows release (https://github.com/slackhq/nebula/releases/download/v1.7.2/nebula-windows-amd64.zip), Windows Defender warned that it found a trojan in the downloaded file: Win32/Vigorf.A.

I also tried with the 1.7.1 version, and this one appears to be normal.

Logs from affected hosts

No response

Config files from affected hosts

No response

About this issue

  • State: closed
  • Created a year ago
  • Reactions: 2
  • Comments: 16

Most upvoted comments

We are aware and working with Microsoft as best we can to resolve the false positive. You can get around it by building v1.7.2 from source for the time being.

In happier news, we were able to get in contact with the Microsoft Defender team and they’ve removed the indicators that were causing false positives for Nebula v1.7.2.

After reviewing VirusTotal scans, v1.7.2 is the only version of Nebula detected by Microsoft Defender. Other AV products may still be flagging Nebula v1.7.2 or earlier. That being said, we hope that Microsoft’s removal of the Nebula software from their detection database will improve these false positives over time.

According to Microsoft, the updated security definitions should be available for update in the next 24-48 hours.

I will leave this ticket open until we have confirmed that the security updates have rolled out and Microsoft Defender is no longer detecting Nebula v1.7.2.

If you are affected by a false positive caused by another antivirus software, please open a new ticket describing the security product and version of Nebula affected and we’ll do our best to follow up.

We are continuing to work to solve this issue. Unfortunately, we have been unable to resolve this issue via contact with security vendors.

We are working to get an EV cert we can use for release signing, which we hope will mitigate the issue (#286).

Please be patient while we continue to work to resolve this issue. We’re aware of the challenges it poses in Windows environments.

It appears that several AVs are affected, not only Windows Defender: https://www.virustotal.com/gui/file/e65b7de82a4d99b8c6657ffaf4c0437a4c576ab3e3ceca022fbdf45fae438b03

I didn’t download with Edge, but I did scan my old Wintendo version and then installed the new version, both without issue.

Thanks all for all the effort!

Just another update, per my own testing - it does seem that Defender is no longer detecting nebula.exe and nebula-cert.exe from inside the release ZIP file, but the ZIP file itself is still causing false positives, which makes download & install a challenge.

Additionally, I noted that when downloading any of the three files via MS Edge, it is still detecting false positives.

We are continuing to communicate with Microsoft to resolve the issue.

Thank you for your efforts. I don’t think signing with a certificate will help with this problem. We sign our MSI package and this does not help in the situation with antiviruses. Of course, I will double-check what and how we sign when generating the MSI package and write the results here.

Exactly. And not only version 1.7.2. It seems to me that the name of the issue needs to be corrected…

@TyIsI Thanks for the clarification. This bug is tracking the issue across many versions of Nebula and both binaries.