Windows Defender flags some JSON output files from Trivy as Backdoor:PHP/Remoteshell.V


I'm working on a project where I parse some YAML configuration files in Java, then forge a command that I send to a ProcessBuilder, which calls Trivy, performs the required scans and then prints out two files, one in JSON and one in HTML.

With most of the config files it works great, but with one of them, multiple JSON output files are flagged as Backdoor:PHP/Remoteshell.V by Windows Defender, so it puts them in quarantine, which stops the execution of the rest of my program because the paths don't exist anymore.

Sadly, I can't share the exact Trivy call because it is done on private Docker images that require access, but I can share some of the flagged JSON files if needed.

I tried scanning it with other malware detection software such as Gridinsoft and Zemana, but they don't detect anything.

I'm using the IntelliJ IDE for this project and running it with Quarkus on a Windows computer, but I execute the Java program on WSL with Ubuntu 20.04 because Trivy can't run on Windows.

I hope someone can help me with this issue, as it is blocking my project. Obviously I could just manually exclude the project folder from the scan, but this is not a viable long-term solution.


There are 0 answers
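The failure mode the question describes, Trivy exits cleanly but the report has already been quarantined by the time the program reads it, is worth catching explicitly. The following is an added example, not code from the question or from the Trivy project: a small Java runner that invokes Trivy through ProcessBuilder for the JSON and HTML reports, checks the exit code, and then verifies each report file still exists and is non-empty before the program moves on, raising an error that names the likely cause (on-access antivirus quarantine) instead of failing later with a bare NoSuchFileException. The image name, the `reports` directory, the 30-minute timeout and the HTML template location (`@/opt/trivy/html.tpl`, Trivy's `@file` template syntax) are placeholders assumed for the example; in the poster's setup they would come from the YAML config.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;

/**
 * Runs Trivy twice (JSON report, then HTML report) through ProcessBuilder and
 * verifies that both report files still exist afterwards. A file that Trivy
 * wrote but that has vanished before we read it is reported as an explicit
 * error (on-access antivirus quarantine is the suspected cause) rather than as
 * a NoSuchFileException further down the pipeline.
 */
public class TrivyReportRunner {

    /** Thrown when a report file is missing or empty after Trivy exited successfully. */
    public static class ReportMissingException extends IOException {
        public ReportMissingException(String msg) { super(msg); }
    }

    /** Builds the argument list for one `trivy image` invocation. */
    static List<String> trivyCommand(String image, String format, Path output, String template) {
        List<String> cmd = new ArrayList<>(List.of("trivy", "image", "--format", format));
        if (template != null) {               // only the HTML run needs --template
            cmd.add("--template");
            cmd.add(template);
        }
        cmd.add("--output");
        cmd.add(output.toString());
        cmd.add(image);
        return cmd;
    }

    /** Runs one command; fails on timeout or on a non-zero exit code. */
    static void run(List<String> cmd, long timeoutMinutes) throws IOException, InterruptedException {
        Process p = new ProcessBuilder(cmd)
                .redirectErrorStream(true)                       // trivy logs to stderr; merge streams
                .redirectOutput(ProcessBuilder.Redirect.INHERIT) // show trivy's progress to the operator
                .start();
        if (!p.waitFor(timeoutMinutes, TimeUnit.MINUTES)) {
            p.destroyForcibly();
            throw new IOException("timed out: " + String.join(" ", cmd));
        }
        if (p.exitValue() != 0) {
            throw new IOException("exit " + p.exitValue() + ": " + String.join(" ", cmd));
        }
    }

    /**
     * Verifies that a report written by a successful trivy run is still present
     * and non-empty. If it is gone, the most plausible explanation on a Windows
     * host is that an on-access scanner removed it, so the message says so
     * instead of letting a later parse step fail on a missing path.
     */
    static void verifyReport(Path report) throws IOException {
        if (!Files.isRegularFile(report)) {
            throw new ReportMissingException(report + " was written by trivy but no longer exists; "
                    + "check the host antivirus quarantine (e.g. Windows Defender protection history)");
        }
        if (Files.size(report) == 0) {
            throw new ReportMissingException(report + " exists but is empty");
        }
    }

    /** Scans one image, producing report.json and report.html under outDir. */
    public static void scan(String image, Path outDir, String htmlTemplate)
            throws IOException, InterruptedException {
        Files.createDirectories(outDir);
        Path json = outDir.resolve("report.json");
        Path html = outDir.resolve("report.html");

        run(trivyCommand(image, "json", json, null), 30);
        verifyReport(json);                       // fail here, not on the next parse step

        run(trivyCommand(image, "template", html, htmlTemplate), 30);
        verifyReport(html);
    }

    public static void main(String[] args) throws Exception {
        // Assumed placeholders; the real values come from the YAML config in the poster's project.
        String image = args.length > 0 ? args[0] : "alpine:3.18";
        String template = args.length > 1 ? args[1] : "@/opt/trivy/html.tpl";
        scan(image, Path.of("reports"), template);
        System.out.println("both reports present under reports/");
    }
}
```

The check does not stop the quarantine, but it turns a silent disappearance into a logged error that points at the antivirus protection history, where the quarantined report can be inspected or restored; the report content itself is what to look at next, since a vulnerability or secret-scanning report that reproduces matched strings from the scanned image can carry exactly the bytes a signature is looking for.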