Author Topic: FREE Antivirus blocks kubectl.exe (Read 912 times)

robot.ski.shop · « **on:** September 13, 2022, 09:40:53 AM »

I have been using kubectl.exe every day for several years, but today it was put in quarantine by Avast when trying to run the kubectl command in gitbash. (See attached photos).

The installed version of kubectl has not been updated since january this year.

I suspect it might be false threat, since kubectl is all about accessing Kubenetes clusters remotely. I don't know how the inner mechanics are working here, but kubectl may be confused for malicious software trying to use SSH to access machines.

Since it is quite a big job to reinstall Windows on this machine, I would like to ask if this infection seems like a real threat?

In advance, thanks for your help.

Running Windows 11, latest update.
Avast 22.5.6015 (build 22.5.7263.734)
Virus definition: 220913-0

DavidR · « **Reply #1 on:** September 13, 2022, 10:53:34 AM »

You can send it to Avast for analysis from within the Quarantine area.
You could at your own risk also Restore it adding an exception at the same time.

Your screenshot (pixel size) is so massive as to be almost unreadable, especially on a 1080p screen.

robot.ski.shop · « **Reply #2 on:** September 13, 2022, 11:10:24 AM »

Thank you.

Since Avast does not send replies to submissions, does that mean I have to update definitions in a couple of days, restore the file and see if it still is moved to quarantine?

DavidR · « **Reply #3 on:** September 13, 2022, 01:03:47 PM »

You're welcome.

You can create a new folder on your drive named say Avast-Samples (or something memorable so you know what it is for), add that to the Avast Exclusions. Now you can use the Extract option to send it to that folder without Avast alerting using the link below.

- Reporting a Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php.
You should get a response in a day or two.

It could be that it may not be detected when you move it to the normal location, it may be being detected because of its actions when running. You can give some information on the issue when submitting the file for analysis, you could also give a link back to this topic.

robot.ski.shop · « **Reply #4 on:** September 13, 2022, 02:08:32 PM »

Thank you for your detailed response. Much appreciated.

I'm doing a windows reinstall anyway, just in case. Funnily enough, when trying to download installation media for Windows 11, Avast said that the download site for win11 "software-static.download.prss.microsoft.com/.... " was on a blacklist...

I see in another post here today, that another person also have problems with various dev tools, including kubectl, so it might be a false alarm.

DavidR · « **Reply #5 on:** September 13, 2022, 06:08:00 PM »

You're welcome.

I also saw that topic and was going to refer you to it, but the Detection name differed from yours.

Author Topic: FREE Antivirus blocks kubectl.exe (Read 912 times)

robot.ski.shop

FREE Antivirus blocks kubectl.exe

DavidR

Re: FREE Antivirus blocks kubectl.exe

robot.ski.shop

Re: FREE Antivirus blocks kubectl.exe

DavidR

Re: FREE Antivirus blocks kubectl.exe

robot.ski.shop

Re: FREE Antivirus blocks kubectl.exe

DavidR

Re: FREE Antivirus blocks kubectl.exe