Nippy 0 Posted September 6 Share Posted September 6 Disclaimer: I am very amaturish at ESET and coding so please bare with me and any instructions need to be very thorough as I'll probably not know what you're talking about or how to do it. Background information: I installed VS Code 2022 around 1 1/2 - 2 years ago (current version 1.93.0). I open VS code using Developer Command Prompt for VS 2022. I go over to my folder with my code in it and use "code ." to open VS code. When I run my program (a .cpp file) I get a popup from ESET saying "A threat (Win32/Kryptik_AGen.EHY) was found in file that Microsoft Incremental Linker tried to access." The file it refers to is the .exe file VS code creates from the .cpp file when I run the program. ESET then deletes .exe file to clean it. The log files say it is a variant of Win32/Kryptik_AGen.EHY trojan. This happened also about two months ago but it detected it as a ML/augur trojan. Before I just whitelisted the folder and moved on but it came back because the whitelist was only for ML/augur trojan so now I'm making this post because it is a recurring problem. The only thing the program includes is "#include <iostream> using namespace std; int main() {cout << "hi";}" Doing some testing it seems that when my program has a cout statement it runs into this ESET problem. Using my VS code for Python and Java has not run into this problem (obviously not opening VS code through the developer command for Java and Python but not sure why that would cause this issue). If I whitelist the folder with my program in it (the .cpp and .exe folder) run my program so the .exe file does not get deleted then remove the whitelist and run ESET on the folder with the .exe in it it detects the .exe and deletes it. This time in the scan log it says the same thing "a variant of Win32/Kryptik_AGen.EHY trojan - cleaned by deleting [1]" the notes say "[1]" means "Object has been deleted as it only contained the virus body." Question: Is something actually wrong with my installation of VS code or is ESET giving me a false positive? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted September 6 Administrators Share Posted September 6 It was a false positive, it's been fixed. Quote Link to comment Share on other sites More sharing options...
Nippy 0 Posted September 6 Author Share Posted September 6 Opening VS code and running it the same way creates the same pop-up notice but instead of "A threat (Win32/Kryptik_AGen.EHY) was found in file that Microsoft Incremental Linker tried to access." it is "A threat (ML/Augur) was found in file that Microsoft Incremental Linker tried to access." it then deletes the .exe file. But when I create a whitelist so after running VS code it creates and keeps the .exe file and when I remove the whitelist and scan the folder that includes the .exe file that is causing problems with ESET scan it no longer shows a detection and nothing gets deleted. But when I run VS code again, again without the whitelist, the same popup (A threat (ML/Augur) was found in file that Microsoft Incremental Linker tried to access.") happens and the .exe file gets deleted. In summary, running VS code the same way as before now shows a (ML/Augur) issue now and only shows up as an issue when run live but not when scanned afterwards (meaning whitelist was created to avoid deleting .exe file initially but when whitelist is removed and scanned no detections are found until VS code is run again and ESET detects it live). Quote Link to comment Share on other sites More sharing options...
Nippy 0 Posted September 6 Author Share Posted September 6 (edited) Apologies for the double post. Upon further investigation, if there is no .exe file created by VS code and I run VS code, ESET will not detect anything and will allow VS code to create the .exe file and run normally. If I try to run VS code again when there already exists the .exe file from the previous compilation then ESET will detect the (ML/Augur) issue and delete the .exe. If I repeat the cycle, I run VS code again when there is no .exe file because it has been deleted by ESET, ESET will not detect anything and the .exe file will be created and the compilation run as normal. And again if I run VS code then ESET will detect the (ML/Augur) issue and delete the .exe file. Edited September 6 by Nippy grammar issue Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.