Today, when compiling a x64 vst3 plugin on Windows 11, Windows defender quaranteened my freshly built juce_vst3_helper.exe during the build because it wrongly thinks it is a “severe” threat.
A “trojan” was detected called “Win32/Sabsik.FL.A!ml”.
I verified this is a false positive but I wonder if there is anything that can be done to prevent this from happening again in the future? I think it’s especially annoying for automated builds.
Is this a known issue? I found some juce-unrelated posts online from people who got this from compiling a “hello world.cpp”.
What SDK/Toolchain are you using? This seems like its more of a toolchain issue than JUCE-specific. I’ve seen some false positives like this in the past with previous versions of the VC++ runtime.
Of course, you should try to triage this and test the .exe again on a known-good system (perhaps in a freshly minted VM), if you think this might be serious.
I’m sure it is not serious. I’m seeing this on a Surface Pro 11 with a Snapdragon processor that couldn’t even run that 32-bit Trojan.
It might be a problem with Visual Studio running on Windows on Arm. I’m using the lastest public release 17.13.6 on Windows 11 24h2 - also up to date.
Searching the web I see that this occasionally happened with build processes that include building an .exe which then gets run from Visual Studio during the build process.
I think what I’d like to have is a way to white-list juce_vst3_helper.exe so Windows Defender just leaves it alone.
Weirdly, building for arm64ec is not affected at all.. it happens only when I build x86_64 on Visual Studio arm64.
