Installer Getting Flagged as Virus (Windows)

[yak-22]

Describe the bug
I'm trying to install the Depth AI Viewer on Windows. However, Windows Security is flagging the program as a Trojan and preventing the program from being installed. I tried to download the .exe and the .whl and it got flagged both times.

To Reproduce
Steps to reproduce the behavior:

1. Download and run the installer
2. Run after install
3. Gets flagged while installing dependencies

Expected behavior
Not to be flagged as malware

Screenshots
For https://github.com/luxonis/depthai-viewer/releases/download/v0.2.7/depthai_viewer-0.2.7-cp38-abi3-win_amd64.whl

For https://github.com/luxonis/depthai/releases/download/v3.6.0/DepthAI-setup-v3.6.0.exe

[zrezke]

I could reproduce it, but hadn't had the time to investigate the issue. Thanks for reporting.

[marsfan]

@zrezke I just downloaded the DepthAI installer to check it out before deciding if I would buy a camera. I'm getting the same AV report. It seems to only happen with version 0.2.7. Here's the VirusTotal results: https://www.virustotal.com/gui/file/6bce2a0da8bd933be3d4e840dae0d23e41794bf19cd8241b00b1136d25a3e602

When I scanned the same file in VirusTotal for 0.2.6, I got no hits, so that should narrow down the source.

[marsfan]

Actually, I take that back. Running a re-scan on 0.2.6 shows it has issues as well.

[zrezke]

Thanks for looking into it @marsfan ! I could narrow it down to 0.1.5 being the first version with this issue. 👀

[zrezke]

Fixed the issue with a bump to the rust toolchain. Bumped from 1.74 to 1.76. I think the issue is resolved because of this: rust-lang/rust#118013
But I don't understand why the depthai-viewer which uses rust version 1.72 isn't flagged (depthai'viewer<=0.1.4).

[marsfan]

@zrezke TBH I'm not really sure how that could have caused the issue to be honest, that seems to be about an extra security feature, but the detection was for a specific Trojan (but oddly, Microsoft's public database does not have any info about the one that defender identifies). But I'm not really an expert in this sort of thig.

I personally was leaning towards it either being something accidentally pulled in through a dependency, or a false positive.

On a related note, I'd strongly recommend that you bump the Rust toolchain to at least 1.77.2, as that fixed a 10/10 severity vulnerability. More info here. Though trying to more closely follow the latest release might be even more optimal.

[marsfan]

I did a little more digging, and I found that the specific signature that is being triggered was only added to Windows Defender on November 20th, as part of the 1.421.399.0 update, but Microsoft has not yet added any additional details about this specific Trojan, so it may be a legitimate detection for a new virus that was pulled in through a dependency.