
ABP Suite v1.0.2 Windows Threat #9609


kfrancis@clinicalsupportsystems.com created

I've never seen this before, but I'd check on this:

I started ABP Studio, then ABP Suite, and then was alerted.

Studio v1.0.2 (current)

My guess here is either a bad/hijacked dependency got pulled in or it's a false positive - but I'm going to need


4 Answer(s)
  • AI-Bot created
    Support Team ABP Agent
    • The alert you received from Windows Defender (Trojan:Win32/Yomal!rfn) when running ABP Studio or ABP Suite is most likely a false positive. ABP Studio and ABP Suite are official tools distributed by the ABP team, and there are no known reports of malicious code or hijacked dependencies in the official releases.

    • False positives can occur when antivirus software incorrectly flags legitimate software, especially developer tools that perform code generation or automation. This is a common issue with .NET tools and other CLI utilities.

    • To ensure safety:

      1. Download ABP Studio and ABP Suite only from the official website: https://abp.io/studio
      2. Verify the installer hash if available on the download page.
      3. Make sure your antivirus definitions are up to date, and consider submitting the quarantined file to Microsoft for further analysis if you want confirmation.
    • If you are in a corporate environment, you may need to whitelist the ABP Suite executable or folder in your antivirus settings after verifying its source.

    Sources:

    • https://abp.io/community/articles/0x6kmwry
    • https://abp.io/studio
    • https://abp.io/support/questions/8950

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
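
The hash and source checks suggested in the answer above can be scripted so they are run before any antivirus exclusion is added. This is an added example, not part of the thread and not ABP's own tooling: the function name `Test-FlaggedBinary` is hypothetical, the path and hash in the usage comment are placeholders, and it assumes the vendor's releases are Authenticode-signed.

```powershell
# Added example. Checks a flagged file against a known SHA-256 and its
# Authenticode signature, and reports whether an exclusion is defensible.
function Test-FlaggedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path,

        # SHA-256 published by the vendor, or the one shown in a VirusTotal report URL
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{64}$')]
        [string] $ExpectedSha256,

        # Optional: text expected in the signing certificate subject (assumption:
        # you know the vendor's signing identity from a trusted earlier release)
        [string] $ExpectedSignerLike
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    $hashOk   = $hash -eq $ExpectedSha256      # string -eq is case-insensitive
    $sigValid = $sig.Status -eq 'Valid'        # NotSigned / HashMismatch fail here
    $signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    $signerOk = $true
    if ($ExpectedSignerLike) {
        $signerOk = $sigValid -and ($signer -like "*$ExpectedSignerLike*")
    }

    [pscustomobject]@{
        Path            = $file.FullName
        Sha256          = $hash
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        SignerMatches   = $signerOk
        # An unsigned or modified file is never reported as safe to exclude.
        SafeToExclude   = $hashOk -and $sigValid -and $signerOk
    }
}

# Usage (placeholders, replace with the quarantined file and the published hash):
# Test-FlaggedBinary -Path 'C:\path\to\flagged.exe' -ExpectedSha256 '<published-sha256>'
```

A matching hash only shows that the local file is the one the vendor published or the one that was scanned; it does not by itself show the published build is clean, which is why the signature status is reported separately.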

  • User Avatar
    0

    I have done that, and it still happens. Given the prevalence of supply chain/dependency hijacking, I'm not sure that answer is sufficient as is, especially with the result from VirusTotal: https://www.virustotal.com/gui/file/d190aea0d64b850d5dfe19b2786283ab7f7dc4b72e4f6c5e0d3ae58b51c5ac48/detection

  • User Avatar
    0

    Moving to 9.2.2 is a little better, but still confusing why there are positives on the list: https://www.virustotal.com/gui/file/6fd3da75a2e2ff69257f96ab3b02a9432697cff78caa319290b28accedffbf9a?nocache=1

  • EngincanV created
    Support Team .NET Developer

    [kfrancis@clinicalsupportsystems.com] said: Moving to 9.2.2 is a little better, but still confusing why there are positives on the list: https://www.virustotal.com/gui/file/6fd3da75a2e2ff69257f96ab3b02a9432697cff78caa319290b28accedffbf9a?nocache=1

    Hi, thank you for the detailed information and all your checks. We had encountered this “virus” alert with Kaspersky and similar tools before, and since it was a false positive, we contacted them. It’s no longer being reported on their side.

    However, seeing it flagged by Windows Defender is new to us. I’ll inform our test team about this, and we’ll investigate the situation further.

    By the way, antivirus programs often perform heuristic checks, which means if they don’t recognize a file, they may flag it as suspicious by default. This might be the case here, but we’ll investigate further.

Made with ❤️ on ABP v10.0.0-preview. Updated on September 04, 2025, 16:11