New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/sys/windows: windows/svc/example
is detected as malware
#54394
Comments
Hi @seankhliao, given you've closed the issue, I'd like to know what's the solution to build and ship software for Windows users using Go, if any. Thanks! |
this is an issue for your antivirus vendor, not the go project |
Example provided is a clean Windows install, not any commercial anti-virus software |
Microsoft / Windows is also an antivirus vendor. |
It's also (maybe unfortunately) the most widely used Desktop operating system, by far. I'm surprised on how quickly this was disregarded as a non-issue when it's in fact quite a blocker in shipping a Go-based product to Windows users. |
What do you suggest Go project should do instead of pointing affected users to the antivirus vendor? Alex |
Hi Alex, I don't know what the Go project should do. I truly wish I did, but I don't. All I know is there's no way of justifying further development efforts using Go if the moment our product reaches the (paying) customer's computer there's a high chance of it getting flagged as malware. Customers are not engineers nor Go developers. You can't "point them" to their antivirus vendor (Microsoft). Have you ever downloaded a desktop application and have the installer come up with a message like: "Hey, please whitelist our software before Windows flags it as a virus"? I don't think so. |
I have never done this myself, but I suspect you can use some tools to sign your Go executable. This will make you executable not marked as malware. I just googled for it, and I can find https://docs.microsoft.com/en-us/windows/win32/appxpkg/how-to-sign-a-package-using-signtool https://stackoverflow.com/questions/252226/signing-a-windows-exe-file Perhaps there are better solutions, if you are willing to look.
I don't download random software from the Internet and run it on my computer. @qmuntal is there a way for Microsoft antivirus team to include Go built executable in their testing when they develop their product? Sorry for pinging you here, if you are the wrong person to ask that question. Thank you. Alex |
I can't reproduce this issue, but I like the idea. I'll try to move this forward. |
Thank you for doing that. Alex |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
go build .
What did you expect to see?
The service running normally
What did you see instead?
Windows has stopped the service from running and uninstalled it from the registry. It cannot be run or re-installed:
The text was updated successfully, but these errors were encountered: