Windows Defender Detects Trojan

OS: Windows 11 Pro Version 25H2 (OS Build 26200.7840)
Running the sysmon-builder.exe as non-privileged user

This looks like a very useful tool, and I would like to use it. However, after Windows Defender detected a trojan, I have reservations.


After unzipping and executing the sysmon-builder.exe, I received a prompt immediately from Windows Defender that a trojan was detected: Trojan:Win32/Bearfoos.B!ml. Defender then quarantined the sysmon-builder.exe.

<img width="691" height="342" alt="Image" src="https://github.com/user-attachments/assets/532b7d2f-41d2-416e-9804-6ab2c2308213" />

VirusTotal [scan](https://www.virustotal.com/gui/url/dab5cace4e8eafef78219554b6ab303d8b48e64f95dd6f706c378fb09c5790bb?nocache=1) of sysmon-builder-windows.zip came back clean, as did the Windows Defender scan of sysmon-builder-windows.zip file.

[Scanning sysmon-builder.exe](https://www.virustotal.com/gui/file/90ee91d139f83d4f5744a1ad289d6ab15a9e9522528c8af2a3b79307ac7b9263?nocache=1) with VirusTotal did show some detections. 







Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Windows Defender Detects Trojan #12

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Windows Defender Detects Trojan #12

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions