Heads up for anyone updating to the new 1.18.4 release.
Windows Defender quarantined Setup_MakeMKV_v1.18.4.exe on my Windows 11 machine today, flagged as Trojan:Win32/Bearfoos.B!ml (severity Severe). It scanned clean right after download, then Defender quarantined it about a minute later.
This looks like a false positive. The !ml suffix means it is a Defender machine learning / cloud detection, not a signature match. That is the usual behavior for a brand new, unsigned NSIS installer with no cloud reputation yet.
VirusTotal backs that up: only 2 of 68 engines flag it, and both are heuristic / ML:
NANO-Antivirus: Exploit.Zip.Heuristic-java.csrvpr
Trapmine: Malicious.moderate.ml.score
Full VirusTotal report:
https://www.virustotal.com/gui/file/a7d ... 98d0927b77
The file is the genuine official installer. I downloaded it from the makemkv.com download link and the hashes match the copy on VirusTotal exactly:
File: Setup_MakeMKV_v1.18.4.exe
Size: 16,432,607 bytes
SHA-256: a7da42f08765f1186154eb3e2af08c30f0ac66b0a42aa7e4430aa498d0927b77
SHA-1: 348fc51c33ef81389a7ed6075cdacee0e9933350
MD5: a3da290dd2e0508579acd47c21964cbd
Posting in case it helps others, and in case it is worth submitting to Microsoft so the detection gets cleared. Anyone else seeing this on 1.18.4?
1.18.4 installer flagged by Windows Defender as Bearfoos.B!ml (likely ML false positive)
Re: 1.18.4 installer flagged by Windows Defender as Bearfoos.B!ml (likely ML false positive)
Likely a false positive. I did an antivirus scan for the Windows, macOS, and Linux versions of MakeMKV 1.18.4 and it said everything's fine.
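
The check described in the first post, as an added example that is not part of the original thread and is not MakeMKV's or Microsoft's code: it splits the Defender threat name into its fields and compares a local download against the size and hashes quoted in the post. The function names are hypothetical, and the name layout (Type:Platform/Family.Variant!Suffix) is assumed to hold for the detection shown.

```python
import hashlib
import re
import sys

# Values copied from the post above for Setup_MakeMKV_v1.18.4.exe.
EXPECTED = {
    "size": 16432607,
    "sha256": "a7da42f08765f1186154eb3e2af08c30f0ac66b0a42aa7e4430aa498d0927b77",
    "sha1": "348fc51c33ef81389a7ed6075cdacee0e9933350",
    "md5": "a3da290dd2e0508579acd47c21964cbd",
}

# Assumed layout of a Defender threat name: Type:Platform/Family.Variant!Suffix
NAME_RE = re.compile(
    r"^(?P<type>[^:]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?:!(?P<suffix>.+))?$"
)

def parse_detection(name):
    """Split a Defender threat name into its fields (hypothetical helper)."""
    m = NAME_RE.match(name.strip())
    if m is None:
        raise ValueError(f"not a Defender-style threat name: {name!r}")
    fields = m.groupdict()
    # Per the post, an "ml" suffix marks a machine learning / cloud verdict.
    fields["ml_based"] = (fields["suffix"] or "").lower() == "ml"
    return fields

def fingerprint(path, chunk_size=1 << 20):
    """Stream the file once, returning its size and three digests."""
    digests = {name: hashlib.new(name) for name in ("sha256", "sha1", "md5")}
    size = 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk_size):
            size += len(block)
            for d in digests.values():
                d.update(block)
    return {"size": size, **{n: d.hexdigest() for n, d in digests.items()}}

def mismatches(actual, expected=EXPECTED):
    """Names of the fields where the local file differs from the post."""
    return sorted(k for k in expected if actual.get(k) != expected[k])

if __name__ == "__main__":
    print(parse_detection("Trojan:Win32/Bearfoos.B!ml"))
    bad = mismatches(fingerprint(sys.argv[1]))
    print("matches the post" if not bad else f"DIFFERS in: {', '.join(bad)}")
    sys.exit(1 if bad else 0)
```

A match shows only that the local copy is byte-identical to the file described in the post; a mismatch means a different file was downloaded and the post's VirusTotal result does not apply to it.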