
Visual Studio C# Builds now consistently have EXE intercepted and deleted by ESET


I've been developing an app in C# over a number of months with no problems and suddenly two weeks ago, every build has the created exe flagged and removed by ESET.

I have installed the same config on another machine and all worked well, including the solution I built on the main dev machine.

Due to this, I was convinced my dev box was corrupted/infected so I reset and fully rebuilt OS & apps using another physical drive - still the same issue.

It goes like this:

  • load C# project in Visual Studio
  • do a REBUILD
  • immediately the build is complete, ESET jumps in with "Threat Removed, A threat (MSIL/GenKryptik_AGen.MV) was found in a file that VBCSCompiler tried to access; the file has been deleted"

[underline/italic are hyperlinked text]

The associated log is:

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
1/01/2023 3:10:44 pm;Real-time file system protection;file;C:\Users\MalSnaize\OneDrive - IT Stuff\Development\PLC-2022\V010\V010.022 - Copy\obj\Debug\PLC2022.exe;a variant of MSIL/GenKryptik_AGen.MV trojan;cleaned by deleting;AzureAD\MalSnaize;Event occurred on a new file created by the application: C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Roslyn\VBCSCompiler.exe (770F307D32E33001E65210C257A8B16881ED8CE3).;B709F2748E1F15BE93D3754FE06D87BF04080E06;1/01/2023 2:54:20 pm

Can anyone help please?







Seems like an FP. Extract the detected file from Quarantine and zip it with the password (infected), and send the encrypted zip file to samples@eset.com for investigation.


This issue also appears to manifest when using Norton: https://community.norton.com/en/forums/visual-studio-code-issue-norton

The solution:


As a developer, you need to create a master folder for all your projects. Then exclude that folder from both items in the image below.

There are a number of like past postings on the forum in regards to ESET FPs on Visual Studio created executables. As such, the above folder exclusion recommendation appears to be the best permanent solution to the issue.

Edited by itman

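A folder exclusion suppresses every detection under that folder, so it is worth confirming first that the detections it would hide are all compiler outputs. The Python sketch below is an added example, not code from the thread or from ESET: it parses the semicolon-delimited log export shown in the first post and separates detections on files written by the C# compiler into obj/bin under the projects folder from everything else. The sample log lines, the folder C:\Dev, the hash placeholders and the compiler name list are constructed assumptions.

```python
import csv
import io
import re
from pathlib import PureWindowsPath

# Compiler processes expected to write C# build output (assumption; extend as needed).
COMPILERS = {"vbcscompiler.exe", "csc.exe"}
CREATOR_RE = re.compile(r"created by the application: (.+?\.exe)", re.IGNORECASE)

# Constructed sample in the export format shown in the first post; hashes are placeholders.
SAMPLE_LOG = r"""Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
1/01/2023 3:10:44 pm;Real-time file system protection;file;C:\Dev\PLC2022\obj\Debug\PLC2022.exe;a variant of MSIL/GenKryptik_AGen.MV trojan;cleaned by deleting;PC\dev;Event occurred on a new file created by the application: C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\Roslyn\VBCSCompiler.exe (HASH_PLACEHOLDER).;HASH_PLACEHOLDER;1/01/2023 2:54:20 pm
2/01/2023 9:02:11 am;Real-time file system protection;file;C:\Users\dev\Downloads\setup.exe;a variant of MSIL/GenKryptik_AGen.MV trojan;cleaned by deleting;PC\dev;Event occurred on a new file created by the application: C:\Program Files\Browser\browser.exe (HASH_PLACEHOLDER).;HASH_PLACEHOLDER;2/01/2023 9:02:11 am
"""


def triage(log_text, projects_root):
    """Split detections into build outputs under projects_root and everything else."""
    root = PureWindowsPath(projects_root)
    build, other = [], []
    for row in csv.DictReader(io.StringIO(log_text), delimiter=";"):
        obj = PureWindowsPath(row["Object"])
        m = CREATOR_RE.search(row["Information"] or "")
        creator = PureWindowsPath(m.group(1)).name.lower() if m else ""
        parts = {p.lower() for p in obj.parts}
        # Build output: inside the projects folder, in obj/bin, written by a compiler.
        is_build = (root in obj.parents and creator in COMPILERS
                    and bool(parts & {"obj", "bin"}))
        (build if is_build else other).append((str(obj), row["Detection"], creator))
    return build, other


if __name__ == "__main__":
    build, other = triage(SAMPLE_LOG, r"C:\Dev")
    print("Build outputs (candidate false positives to submit as samples):")
    for entry in build:
        print("  ", entry)
    print("Other detections (not covered by a projects-folder exclusion):")
    for entry in other:
        print("  ", entry)
```

Anything in the second list was not produced by the build and should be investigated on its own rather than treated as part of the false-positive pattern.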