"Ubuntu on Windows 10" app from "Windows Store" triggers Trojan warning, real or fake?

Hi I just installed the "Ubuntu on Windows 10" app from "Windows Store" a couple of days ago. Today I got this notification by my F-Secure SAFE program. Should I be afraid or is this a false positive?

2018-July-23, 22:56
! Application was blocked from accessing your files
----
Path: c:\users\win_username\appdata\local\packages\canonicalgrouplimited.ubuntuonwindows_79rhkp1fndgsc\localstate\rootfs\usr\bin
----
File: apt-config
----
Reason: Trojan:W32/CryptoRansomwareBehavior.B!DeepGuard

What should I do from this point on?

Comments

  • Ukko Posts: 2,999 Superuser

    Hello,

    Sorry for my reply. I'm only an F-Secure user (their home solutions).

    So, these are only my own unofficial feelings.

    I think that it is likely a false positive (except for the potential possibility that 'malware' tried to use the Linux subsystem?! or that your downloaded application is rogue).

    Because the detection is about "preventing access to your files" by the Ransomware Protection feature ("Protect your devices against ransomware with multi-level protection", as a kind of protected-folders feature).

    My own experience also includes some false positives with such 'generic' detections (other software/reasons).

    For sure -> it would be good to know more information (when the detection happened /system was idle? a certain action?/; is it possible to repeat it?; it is possible to run an F-Secure Full Scan to check the system for 'static' items).

    But based on the path and 'file' -> I think that "apt-config" is potentially the tool that was used to access the noted path (since both 'things' are about Linux -> it is likely an internal action and can be normal).

    Possible to do things like:

    ->>> Check settings for Ransomware Protection feature:

    F-Secure Main UI -> Settings -> DeepGuard-tab -> check protected folders from Ransomware Protection options.

    By default there are only certain folders; it is not possible to add some folders to such a list (unsafe) and maybe certain folders are not critical to protect (more false positive events rather than not).

    ->>> It is possible to try to transfer information (the file with a description; or even the URL to the Windows Store application and your configuration of F-Secure settings and the detection event) to F-Secure Labs:

    https://www.f-secure.com/en/web/labs_global/inform-us

    but maybe F-Secure Community managers are able to share it from here.

    Thanks!

  • WinTux Posts: 2

    Thanks Ukko, I'll report it to the F-Secure Labs.

This discussion has been closed.