What is your source for characterizing this as a false alert/positive? The developer? My Defender app also quarantined the file/automatically removed the yahooqt.mxt extension from Moneydance's fmodules folder. Thanks.
Sean Reilly on 06 May, 2022 11:53 AM
I've verified that the yahooqt.mxt extension is exactly identical to the one that I've created, and I can assure you that there were no viruses in it then, or added since. If you've used the built-in extension manager to find and install the extension, and not downloaded the yahooqt.mxt file from the web or received it via email, then it is safe to load.
I ran Windows Defender on the original file and it thought there was a virus in it, but I confirmed the contents of the file are exactly as when I packaged and digitally signed the extension. I've also extracted the contents of the file and verified that there isn't any malicious code within it.
When I looked up the details on the virus that Defender claims it is, it doesn't match up and there's no way that such a virus could infect something based on the way that Moneydance loads the extension files.
I'm confident that this is a false alarm and the threat should be "allowed" by going into Windows Defender, clicking on the Actions menu for the threat and choosing "Allow".
I don't know if it helps with any resolution from the development side, but Windows Defender also claims that Trojan:Script/Oneeva.A!ml is also present in yahooqt.mxt. I thought this info might be useful in case iK is working with Microsoft towards a resolution. Thanks!
Today, after updating Windows "Security Intelligence Version" with version 1.363.1629.0 dated 05/08/2022 03:44 I was able to download and install fmodules/yahooqt.mxt v1032 without it being flagged. I even ran Windows Defender against the file itself.
I am unsure if you worked with Microsoft, or they changed their "intelligence" on their own, or if you changed your yahooqt script. But for future reference, in my opinion, I think it unwise to recommend allowing flagged threats just to make your software work.
Well... Unfortunately I spoke too soon. This afternoon I fired up my computer again and Windows Defender immediately found the Trojan:Script/Oneeva.A!ml once more. Maybe this will help diagnose the problem when you talk to Microsoft, but I won't be using your script until you or Microsoft fix this problem.
I did not get a hit on either yahooqt or oneeva today when I installed the extension and updated the security values. However, I do think don.canova's suggestion is prudent -- something is triggering the alerts, even if beyond The Infinite Kind's build, and it likely is best to put it on ice until the cause is determined or corrected and announced.
Last Friday I again downloaded your Quotes and Exchange Rates Updater script v1032 and Microsoft Defender allowed it to install without alerting. I used the script to download quotes on Friday and this morning (Monday) and so far, still no alerts from MS Defender. The MS Defender "Intelligence" version I now have installed is 1.363.2050.0 dated 5/16/2022. Hopefully this ends the drama.