F-Secure blocks Go lang projects' builds

georgileikin
georgileikin Posts: 1 New Member
in Device Protection

I created a default project that JetBrains' Goland creates when you strart a new project. Building it the first couple of times was successful, but at some point it started adding the generated .exe files (oh, yes, this is on Windows 11) into quarantine and the build started to fail:

PS C:\Users\georg\GolandProjects\awesomeProject> go buildawesomeProject: go build awesomeProject: copying C:\Users\georg\AppData\Local\Temp\go-build4010819815\b001\exe\a.out.exe: open awesomeProject.exe: Access is denied.PS C:\Users\georg\GolandProjects\awesomeProjectError running 'go build awesomeProject'Cannot run program

"C:\Users\georg\AppData\Local\JetBrains\GoLand2025.2\tmp\GoLand___5go_build_awesomeProject.exe" (in directory "C:\Users\georg\GolandProjects\awesomeProject"): CreateProcess error=5, Access is denied

Clicking on the event in the F-Secure UI console redirects me here:https://www.f-secure.com/en/support/search#q=HEUR/APC&f:@source =[ThreatDescriptions]I cannot exclude the directory from being scanned as it is generated dynamically during the build. (the name varies for each build)

Am I missing something?

Like Awesome

Answers

  • Ville
    Ville Posts: 806 F-Secure Product Expert

    This is a common problem for software developers. When creating hundreds of executables, you will from time to time create something that triggers the heuristics detection. What makes it more suspicious for antivirus is that the executable is not signed. We also suffer from it for C++ development.

    Generally the best solution is to exclude the root of project folders from scanning. I haven't done Go development but in C++ all the generated objects stay in the subdirectories of the project. I can see from your examples that Go seems to be creating objects in your temp directory. Excluding entire temp is not advisable from security perspective.

    I checked with AI and it says Go supports setting up environment variables GOCACHE and GOTMPDIR to control where the temporary files go. Could you try to use these to direct the temporary objects to a well-known directory (not %TEMP%) that you could exclude?

    Ville

    F-Secure R&D, Desktop products

    1Like Awesome

Categories