2

I have two laravel-mix projects which I maved for a client, with packages like jquery, bootstrap, sweet alert installed through npm. Nothing complicated.

I worked on the first project for a couple of weeks and cloned it into another directory and worked for another couple of weeks.

The problem:

I tried to open the index.html file on chrome (with double click just to preview) and Windows Defender detected it as a thread and proceeded to delete it.

I checked a backup I had online and the code doesn't have any redirects or code I didn't wrote. Tried to download the backup and detected it again as thread.

I had to allow the thread to make a zip and send it to a client but I'm still worried if this is something serious or just a Windows Defender mistake.

Any advice would be helpful.

chuysbz
  • 1,262
  • 6
  • 18
  • 47
  • 1
    Anti-malware is never very happy about files that appear in an unusual way. HTML comes in through a browser, anything else is fishy and raises the what-the-heck detection level. Typical programmer issue, having to add an exclusion for your project directory is normal. – Hans Passant Oct 01 '20 at 21:37
  • 1
    Just had the exact same issue, and I have the same libraries.Must be a Windows Defender bug – Charles Poplar Oct 02 '20 at 08:56

2 Answers2

3

I've just had the same issue. I couldn't check all my views, but it seems to me that Windows Defender detects those views as threats that reference SweetAlerts. So far I simply choose the option in Windows Defender to allow these files. I've made some of these views months ago, so I believe it could be a bug in Windows Defender. Nothing fishy is going on in my views, believe me :-)

pppery
  • 3,731
  • 22
  • 33
  • 46
Mark_B166ER
  • 46
  • 1
0

I had same problem with an html file. And the warning seems legitimate.

What happens is, there are links inside the html file that points to a dodgy domain, for example, js, css or form actions links. These domains have been flagged as phising sites.

Windows Defender immediately detects this variant, but when I scan with Kaspersky it picks up nothing. It's only when I open the page in a browser, Kaspersky blocked it.

This usually happens if the page was saved from the internet. The easy solution would just be to delete those links.

tno2007
  • 1,993
  • 25
  • 16