Windows Defender detect ffmpeg.exe as torjan

[thewh1teagle]

I use avbuild in the project vibe and recently people reported that windows defender block the program with the error:

The file C:\Users\User\AppData\Local\vibe\ffmpeg.exe is infected with Gen:Variant.Lazy.540663 and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.

The file is ffmpeg-6.1-windows-desktop-vs2022ltl-default.7z

It's probably false positive by Windows defender, I reported to Microsoft that it's false positive at wdsi/filesubmission
Hope you can solve it
Thanks!

Related: thewh1teagle/vibe#126

Also virus total:
https://www.virustotal.com/gui/file/c91b4c9b8e5220ec5e511863a652aefb8ea08deae0bb80fb7466c4f65a09dfad

[wang-bin]

i can't fix it. don't use ltl, use vs2022 instead.

[thewh1teagle]

i can't fix it. don't use ltl, use vs2022 instead.

You can't fix it because you don't use it, or it's impossible in general?
Because personally I just reported the microsoft / av providers about false positive and it worked.
This one? avbuild/files/windows-desktop/ffmpeg-7.0-windows-desktop-vs2022-default.7z

What's the differences between all the builds? (lgpl, lite, etc) did you wrote the differences in some place?

Btw - [avbuild/files/windows-desktop/ffmpeg-7.0-windows-desktop-vs2022-default.7z] also detected as a virus in virustotal (only by MaxSecure)

[wang-bin]

yes. default: default features. lite: only some frequently used features and optimized for binary size. gpl: add some features in gpl license, for example x264 x265. ltl: build with vc-ltl to link to mscvrt instead of ucrt

[wang-bin]

vc-ltl author says the reason is linking to msvcrt, we can do nothing. so recommand to use ucrt.

[wang-bin]

i have no idea about virus, afaik only ltl build is detected as virus. you can also try the binaries build by someone else

[thewh1teagle]

i have no idea about virus, afaik only ltl build is detected as virus. you can also try the binaries build by someone else

I like to use your builds because they are reliable and easy to use, and you support a wide range of operating systems. I really appreciate your work! If there's anything I can do to help, I’d be happy to try.

I have already reported the false positive to Microsoft and other antivirus providers, mentioning that your builds are open-source and should be whitelisted. Maybe you could report it as well.

[thewh1teagle]

i have no idea about virus, afaik only ltl build is detected as virus. you can also try the binaries build by someone else

It happens also with ffmpeg-7.0-windows-desktop-vs2022-default.7z (detected by MaxSecure in virustotal) see virustotal.com/gui/file/40cc)

[wang-bin]

No virus detectd: https://www.virustotal.com/gui/url/e679ce80f7c2e6ee0322a3275bf3e10e2dab41a60acc545a455add8a41ea3bc0?nocache=1

You can test the binaries from https://ffmpeg.org/download.html