Jump to content

Visual Studio C# Builds now consistently have EXE intercepted and deleted by ESET

Recommended Posts

I've been developing an app in C# over a number of months with no problems and suddenly two weeks ago, every build has the created exe flagged and removed by ESET

I have installed same config on another machine and all worked well, include the solution I built on main dev machine.

Due to this, I was convinced my dev box was correupted/infected so I reset and fully rebuilt OS& Apps using another physical drive - still the same issue.

It goes like this:

  • load C# project in Visual Studio 
  • do a REBUILD
  • immediately the build is complete, ESET jumps in with "Threat Removed, A threat (MSIL/GenKKryptik_AGen.MV) was found in a file that VBCSCompiler tried to access; the file has been deleted"

[underline/italic are hyperlinked text]

The associated log is:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
1/01/2023 3:10:44 pm;Real-time file system protection;file;C:\Users\MalSnaize\OneDrive - IT Stuff\Development\PLC-2022\V010\V010.022 - Copy\obj\Debug\PLC2022.exe;a variant of MSIL/GenKryptik_AGen.MV trojan;cleaned by deleting;AzureAD\MalSnaize;Event occurred on a new file created by the application: C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Roslyn\VBCSCompiler.exe (770F307D32E33001E65210C257A8B16881ED8CE3).;B709F2748E1F15BE93D3754FE06D87BF04080E06;1/01/2023 2:54:20 pm

can anyone help please?






Link to comment
Share on other sites

Seems like an FP. Extract the detected file from Quarantine and zip it with the password (infected), and send the encrypted zip file to samples@eset.com for investigation.

Link to comment
Share on other sites

This issue also appears to manifest when using Norton: https://community.norton.com/en/forums/visual-studio-code-issue-norton .

The solution:


As a developer, you need to create a master folder for all your projects. Then exclude that folder from Both items in the image below. 

There are a number of like past postings on the forum in regards to Eset FPs on Visual Studio created executable's. As such, above folder exclusion recommendation appears the best permanent solution to the issue.

Edited by itman
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...