Windows Defender identifies rules.pb as TrojanDownloader

As others have suggested, too, this seems to happen fairly often. I know of at least three cases of this in our organization, in both, WebStorm and AndroidStudio.
Interestingly enough, I’ve been using the SonarLint plugin for AndroidStudio for a few months without any issues, but this morning it was my turn. :slight_smile:

2020-11-24 08_50_44-Windows Security

This thread comes as a response to this message.

Hello, welcome to the community! And thank you for reporting this issue.

As far as I can tell, the rules.pb file is created/updated when rules and quality profiles are synchronized with a server through connected mode.

Since this is a raw binary protobuf stream, the generated file sometimes matches a signature used by anti-virus software - and yes this is a big pain in the back :frowning: especially since it depends on whatever is configured on server side.

Would it be possible for you to attach the offending file to a post in this thread?

In the meantime and if this is possible to you, I suggest that you configure an exclusion for the AndroidStudio4.1\sonarlint folder in Windows Defender.