[TILES] Pin/Unpin to Start is not working #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Duplicate malware/virus flags issues handler | |
on: | |
issues: | |
types: [opened] | |
jobs: | |
check_keywords: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Check for keywords in issue title and body | |
id: check_keywords | |
run: | | |
# Define the list of keywords | |
keywords=("Virus" "Malware" "trojan" "Windows Defender" "Antivirus" "bitdefender" "defender" "kaspersky" "unwanted" "harmful" "HackTool:Win64/ExplorerPatcher!MTB" "HackTool:Win64/Patcher!MSR" "HackTool" "Backdoor" "detection" "Norton" "Windows Security" "Win64:MalwareX-gen" "Microsoft Defender" "infected" "Potentially unwanted app found" "potentially unwanted software" "VIRUSTOTAL") | |
# Get the issue title and body from the event context | |
ISSUE_TITLE="${{ github.event.issue.title }}" | |
# Convert both title and body to lowercase for case-insensitive comparison | |
ISSUE_TITLE_LOWER=$(echo "$ISSUE_TITLE" | tr '[:upper:]' '[:lower:]') | |
# Check if any of the keywords are present in the title or body | |
for keyword in "${keywords[@]}"; do | |
# Convert the keyword to lowercase as well | |
KEYWORD_LOWER=$(echo "$keyword" | tr '[:upper:]' '[:lower:]') | |
if [[ "$ISSUE_TITLE_LOWER" == *"$KEYWORD_LOWER"* ]] || [[ "$ISSUE_BODY_LOWER" == *"$KEYWORD_LOWER"* ]]; then | |
echo "'$keyword' found" | |
echo "contains_keyword=true" >> $GITHUB_ENV | |
break | |
fi | |
done | |
- name: Comment, label, and close issue if keyword found | |
if: env.contains_keyword == 'true' # Only run if a keyword was found | |
run: | | |
ISSUE_NUMBER="${{ github.event.issue.number }}" | |
REPO="${{ github.repository }}" | |
# Define the body of the comment with Markdown formatting | |
COMMENT_BODY="> [!CAUTION] | |
><ins>**Microsoft and other major antivirus vendors have flagged ExplorerPatcher as \"malware\".**</ins> This is likely due to Microsoft's hatred against ExplorerPatcher, not because it contains a virus or such. Flags from Microsoft usually spread to other antivirus vendors. | |
Please include the following files and folders in your antivirus' exclusion list to prevent issues due to antivirus detections: | |
\`\`\` | |
C:\Program Files\ExplorerPatcher | |
%APPDATA%\ExplorerPatcher | |
C:\Windows\dxgi.dll | |
C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy | |
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy | |
\`\`\` | |
For Defender, you can run the following script in PowerShell as an administrator: | |
\`\`\` | |
Add-MpPreference -ExclusionPath \"C:\Program Files\ExplorerPatcher\" | |
Add-MpPreference -ExclusionPath \"\$env:APPDATA\ExplorerPatcher\" | |
Add-MpPreference -ExclusionPath \"C:\Windows\dxgi.dll\" | |
Add-MpPreference -ExclusionPath \"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\" | |
Add-MpPreference -ExclusionPath \"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\" | |
\`\`\` | |
### **Failure to exclude ExplorerPatcher's files may result in inability to install/uninstall ExplorerPatcher and explorer.exe being unable to start.** | |
If you do not trust this process, please refrain from using ExplorerPatcher and look for alternatives instead. | |
Microsoft, if you are reading this, please reconsider the detections as [there are a lot of users who trust this program and that risks from future EP developers are a thing.](https://www.youtube.com/watch?v=R50myh-AAe0) | |
This issue was closed automatically. You want to discuss this in https://github.com/valinet/ExplorerPatcher/issues/3670." | |
# Escape the Markdown content for proper JSON formatting | |
COMMENT_BODY_ESCAPED=$(printf "%s" "$COMMENT_BODY" | jq -Rs .) | |
# Post a comment on the issue with formatted text | |
curl -X POST \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-d "{\"body\": $COMMENT_BODY_ESCAPED}" \ | |
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/comments" | |
# Add the "duplicate" label to the issue | |
curl -X POST \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-d '{"labels":["duplicate"]}' \ | |
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER/labels" | |
# Close the issue | |
curl -X PATCH \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
-d '{"state": "closed"}' \ | |
"https://api.github.com/repos/$REPO/issues/$ISSUE_NUMBER" |