MicrosoftSysinternals Azure DevOps Extension
MicrosoftThere is some stupid kind of filtering happening on the techcommunity site. There's a bug in the April updates that broke Microsoft's Policy Analyzer and CIS' CIS-CAT Pro tool. I diagnosed the problem and my comments about it kept disappearing until I posted it as a screenshot instead of as text. Can someone at Microsoft track down who owns techcommunity and get them to fix that? Thanks.
MicrosoftAh, I think I understand now.
To summarize - the original VirusTotal scan you reported is https://www.virustotal.com/gui/file/4063678b979a5423445068312730cbfd549073af093db84486fa9e4fc20806c7/detection.
Also your Reddit post - https://www.reddit.com/r/antivirus/comments/1j2s326/virustotal_relations/.
I'm checking the docs and it's unclear to me what their "Microsoft Sysinternals" package is - https://docs.virustotal.com/docs/external-sandboxes. It looks to be "Microsoft.SysInternals" from the winget community packages - https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/Microsoft/Sysinternals/2025-02-13/Microsoft.Sysinternals.installer.yaml, which is a 3rd party package that does reference the official source. In this case, the first party package would be Sysinternals Suite from the Store - https://apps.microsoft.com/detail/9P7KNL5RWT25?hl=en-us, id 9P7KNL5RWT25.
Regardless, none of the Sysinternals tools "call home". It remains to evaluate what those "Relations " / "Behavior" -> "Network comm" reports from VirusTotal mean. It seems, like NateL1010 reported, to be extra traffic from any source, as noticed within the infrastructure at the time, so possibly benign. As a note, "static" analysis as performed by a service probably can't account for all the possible network activity of a program running on a live system.
Sorry, can't post my answer as text (I think your site already hates me):
p.s.
WTF "invalid HTML"? 🥲
MicrosoftI can understand your frustration. Keep in mind that this is a VirusTotal matter, that's why I was confused at first
Not sure why the techcommunity engine wouldn't let you post links. I transcribed them and added them in my first reply, and it just worked. I'll see whether I can loop someone from VirusTotal in; I don't think they're affiliated to Microsoft, but I am curious now.
Cheers!
Alex
Hello!
Alex, please explain why Microsoft Sysinternals is blatantly lying about the network activity of https://apps.microsoft.com/detail/xp8lvlmtsbd7wf, and what you're going to do to fix it?
Here is an https://app.any.run/tasks/74118c4a-9139-43ab-a406-34fbfe80f8b1 — it clearly shows that my app does not connect to any third-party domains during setup or normal operation except the one explicitly specified by the user:
Teamatica
Yet Sysinternals, as shown on VT, makes it look like my app contacts over 20+ unrelated domains:
VT
But this is a complete fabrication. As a developer I officially state that no such functionality exists in the code, and I demand a full review and immediate correction of this false report:
VT
p.s.
Sorry to contact you here, but my direct message via Message function doesn't work.
Sorry I know this is an old post, but I agree with people in the reddit post, and here. VT is reporting 24 domains because as you can see in the relations tab it is testing your application against 24 domains. The 0/94 shows that there were no detections on any of the 24 domains. The only domain that was contacted was the normal Microsoft content delivery network which is pretty typical. It appears to me that there is a misunderstanding of how VT works by the users who reported it to you which is causing a lot of confusion.
MicrosoftWhich tool, or do you refer to the Microsoft Store?
I apologize for this format of the answer, but your idiotic resource blocks everything:
p.s.
