这是一个创于 668 天前的主题,其中的信息可能已经有所发展或是发生改变。
各位 V 友帮我看看是我中病毒了还是确实是误报
在今天更新完系统后,包括 opencv, zlib, eigen 在内的库均无法编译,全被 Defender 拦截了
下面是以我编译 zlib-1.3 为例
Environment
- MinGW 11.2.0
- CMake 3.24.2
- Windows 11 (23H2, 22631.2861)
- Security intelligence version(Defender): 1.403.485.0 (last update 2023.12.14)
Library
-
zlib-1.3( https://www.zlib.net/zlib13.zip)
SHA-256 c561d09347f674f0d72692e7c75d9898919326c532aab7f8c07bb43b07efeb38
Command
C:/Qt/Tools/CMake_64/bin/cmake.exe -G "MinGW Makefiles" -D CMAKE_C_COMPILER=gcc -D CMAKE_CXX_COMPILER=g++ -D CMAKE_C_FLAGS_DEBUG=-O3 -D CMAKE_C_FLAGS_RELEASE=-O3 -D CMAKE_CXX_FLAGS_DEBUG=-O3 -D CMAKE_CXX_FLAGS_RELEASE=-O3 -D CMAKE_BUILD_TYPE=Debug -D CMAKE_PREFIX_PATH="C:/Work/dep/MinGW11.2.0/Debug;${CMAKE_PREFIX_PATH}" -D CMAKE_INSTALL_PREFIX="C:/Work/dep/MinGW11.2.0/Debug/zlib-1.3" -B . -S .. C:/Qt/Tools/CMake_64/bin/cmake.exe --build . C:/Qt/Tools/CMake_64/bin/cmake.exe --install . Generator
- "MinGW Makefiles"
Variables
- CMAKE_C_COMPILER=gcc
- CMAKE_CXX_COMPILER=g++
- CMAKE_C_FLAGS_DEBUG=-O3
- CMAKE_C_FLAGS_RELEASE=-O3
- CMAKE_CXX_FLAGS_DEBUG=-O3
- CMAKE_CXX_FLAGS_RELEASE=-O3
- CMAKE_BUILD_TYPE=Debug
- CMAKE_PREFIX_PATH=C:/Work/dep/MinGW11.2.0/Debug;${CMAKE_PREFIX_PATH}
- CMAKE_INSTALL_PREFIX=C:/Work/dep/MinGW11.2.0/Debug/zlib-1.3
Windows Defender
-
Trojan:Win32/Tiggre!pz
file: C:\Work\tmp\pack\zlib-1.3\build_zlib_1.3_MinGW11.2.0_Debug\CMakeFiles\CMakeTmp\cmTC_0772b.exe file: C:\Work\tmp\pack\zlib-1.3\build_zlib_1.3_MinGW11.2.0_Debug\CMakeFiles\CMakeTmp\cmTC_10bfe.exe file: C:\Work\tmp\pack\zlib-1.3\build_zlib_1.3_MinGW11.2.0_Debug\CMakeFiles\CMakeTmp\cmTC_4a1df.exe -
https://go.microsoft.com/fwlink/?linkid=142185&name=Trojan:Win32/Tiggre!pz&threatid=2147896662
CMake
-- The C compiler identification is GNU 11.2.0 -- Detecting C compiler ABI info -- Detecting C compiler ABI info - failed -- Check for working C compiler: C:/Qt/Tools/mingw1120_64/bin/gcc.exe -- Check for working C compiler: C:/Qt/Tools/mingw1120_64/bin/gcc.exe - works -- Detecting C compile features -- Detecting C compile features - done -- Looking for sys/types.h -- Looking for sys/types.h - found -- Looking for stdint.h -- Looking for stdint.h - found -- Looking for stddef.h -- Looking for stddef.h - found -- Check size of off64_t CMake Error at C:/Qt/Tools/CMake_64/share/cmake-3.24/Modules/CheckTypeSize.cmake:146 (try_compile): Cannot copy output executable 'C:/Work/tmp/pack/zlib-1.3/build_zlib_1.3_MinGW11.2.0_Debug/CMakeFiles/CMakeTmp/cmTC_8af1e.exe' to destination specified by COPY_FILE: 'C:/Work/tmp/pack/zlib-1.3/build_zlib_1.3_MinGW11.2.0_Debug/CMakeFiles/CheckTypeSize/OFF64_T.bin' Call Stack (most recent call first): C:/Qt/Tools/CMake_64/share/cmake-3.24/Modules/CheckTypeSize.cmake:277 (__check_type_size_impl) CMakeLists.txt:40 (check_type_size) -- Looking for fseeko -- Looking for fseeko - found -- Looking for unistd.h -- Looking for unistd.h - found -- Configuring incomplete, errors occurred! See also "C:/Work/tmp/pack/zlib-1.3/build_zlib_1.3_MinGW11.2.0_Debug/CMakeFiles/CMakeOutput.log". See also "C:/Work/tmp/pack/zlib-1.3/build_zlib_1.3_MinGW11.2.0_Debug/CMakeFiles/CMakeError.log".  | 1 V28a19cc 2023-12-15 00:47:27 +08:00  1 1. 建议综合多个杀软的结果来确定是否误报,具体操作是将报毒的文件上传到 [VirusTotal]( https://www.virustotal.com) 2. 建议禁用 Defender 以**大幅加快**编译速度,随便换个杀软性能都比 Defender 好很多 |
 | 2 miaomiao888 2023-12-15 05:33:46 +08:00 1 不确定你的情况 但最近 Defender 似乎更新了病毒库导致一些误报,反正我有个软件是突然收到误报反馈。 Defender 很恶心,加白除了添加排除路径,还得关实时保护,否则软件运行后照样扫内存强行删除。 同样建议换,这坨东西一点都不专业。 |
 | 4 j16ZgMV9cs6ZB23n 2023-12-15 10:03:50 +08:00 MinGW 的不清楚,我用 msvc 编译的上传再下载就当病毒了,自己都觉得很惊奇。 |
 | 5 Thymolblue OP |
 | 6 sariya 2023-12-15 12:22:18 +08:00 via Android 放排除列表吧,可能是一些动态生成 exe 的操作触发了误报 |
 | 7 klosw 2023-12-15 14:51:43 +08:00 为啥不把项目目录在 Defender 中排除呢 |
| 8 Thymolblue OP @klosw 被 defender 报毒是在 14 号更新后发生的,主要是不确定是否真的中毒了 |
| 9 Thymolblue OP 来结一下题,就是微软的误报,把 CMake 更新到 3.27 之后就能成功编译了。 |
Select Language