Hi,
I received a message from Microsoft Defender after the upgrade of my IntellijIdea SonarLint plugin.
Java.Trojan.GenericGBA.31025 in sonarlint-intellij/plugins/sonar-cfamilly-plugin-6.29.0.41127.jar
Is it a really issue ? Do you need other details ?
We were made aware of the issue yesterday by another user. After investigations by the our security team and the CFamily team, we don’t believe there is an issue with any version of the analyzer. We will submit a FP report to Microsoft, although based on past experience this can take several days to be processed.
However, MS Defender doesn’t complain about the newest version of the CFamily analyzer (v6.30), so we will release a new version of SonarLint for IntelliJ that embeds that version today.
Update: Microsoft Defender with “Security intelligence version: 1.357.42.0” no longer complains about sonar-cfamily-plugin-6.29.0.41127.jar, nor do a range of other anti-virus providers: see VirusTotal