SOLVED

MSIX Packaging tool AV detection


Newest version of MSIX Packaging tool is causing Trojan:PowerShell/Mountsi.A!ml detection in Windows Defender

 

Detection time(UTC time): 1/22/2021 2:37:01 PM

Malware file path: amsi:_C:\Program Files\WindowsApps\Microsoft.MsixPackagingTool_1.2020.1219.0_x64__8wekyb3d8bbwe\MsixPackageTool.exe

Remediation action: NoAction

Action status: Succeeded

 

2 Replies

It is sad Windows team cannot create a reliable packaging tool and their own applications trigger malware detections in their own antivirus.

best response confirmed by Sharla_Akers (Microsoft)
Microsoft Verified Best Answer
Solution

Hi @JeffAre 

 

Thank you for reporting this. The Microsoft Defender team determined this to be a false positive and has updated their security intelligence. The changes will be reflected in the latest security intelligence version 1.329.2889.0 or above.

 

This security intelligence update will be available to users who subscribe to the automatic security intelligence update mechanism, as well as users who choose to manually update security intelligence.

 

The latest security intelligence update is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
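
An added example, not part of the reply above: one way to confirm that an endpoint has the security intelligence version named in the answer before re-testing the MSIX Packaging Tool, and to review past detections of the reported threat name. It uses the built-in Defender cmdlets `Get-MpComputerStatus`, `Update-MpSignature`, `Get-MpThreat` and `Get-MpThreatDetection`, and assumes an elevated PowerShell session on a machine where Microsoft Defender Antivirus is the active AV.

```powershell
# Values taken from this thread.
$fixedVersion = [version]'1.329.2889.0'             # minimum version named in the answer
$threatName   = 'Trojan:PowerShell/Mountsi.A!ml'    # detection name from the original report

# Read the security intelligence version currently loaded on this machine.
$current = [version](Get-MpComputerStatus).AntivirusSignatureVersion

if ($current -lt $fixedVersion) {
    Write-Host "Security intelligence $current is older than $fixedVersion; requesting update."
    try {
        Update-MpSignature -ErrorAction Stop
    } catch {
        Write-Warning "Update failed: $($_.Exception.Message)"
    }
    # Re-read after the update attempt rather than assuming it succeeded.
    $current = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

if ($current -ge $fixedVersion) {
    Write-Host "Security intelligence $current includes the false-positive fix."
} else {
    Write-Warning "Still on $current; the detection may recur until $fixedVersion or later is installed."
}

# Map the threat name to its numeric ID, then list the recorded detections so
# they can be checked against the MSIX Packaging Tool path in the report.
$threatIds = @(Get-MpThreat |
    Where-Object { $_.ThreatName -eq $threatName } |
    Select-Object -ExpandProperty ThreatID)

if ($threatIds.Count -eq 0) {
    Write-Host "No recorded detections of $threatName on this machine."
} else {
    Get-MpThreatDetection |
        Where-Object { $threatIds -contains $_.ThreatID } |
        Sort-Object InitialDetectionTime |
        Select-Object InitialDetectionTime, ProcessName, Resources |
        Format-List
}
```

A detection whose `Resources` entry points somewhere other than the MSIX Packaging Tool install path is not covered by the false-positive determination in this thread and should be triaged on its own.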