The installer posh-windows-386.exe is flagged as a threat. Request to...
A prompt theme engine for any shell.
Brought to you by:
gangstacoder
Originally created by: romanrozinov
CONTRIBUTING guide
As part of the rollout attempt of oh-my-posh to the development team, it is detected as a threat by SentinelOne software. Vendor's response is that increasing reputation score would help by signing the executable with Microsoft's Authenticode technology, see SignTool.
Hence the request for enhancement to establish the signature for the installation executable, as opposed to relying on static hashes every release.
Install-Module oh-my-posh -Force
Expected behavior: [What you expected to happen]
Installation should be successful.
Actual behavior: [What actually happened]
Installation is aborted due to antivirus flagging the executable.
Originally posted by: romanrozinov
I am aware of [#708] but this issue is related to the psm1 install script itself, which I believe should also be signed, if not already, to allow greater adoption in enterprise environments.
Originally posted by: JanDeDobbeleer
We've talked about code signing before but the certificates are way too expensive for a project such as this. So, unless you can add an exclusion in Sentinel (that should be possible though on company level), or we find a sponsor for said certificate, there's not much we can do for the time being.
Originally posted by: JanDeDobbeleer
@romanrozinov missed your second comment. I'm curious, what happens when you use scoop/winget to install the oh-my-posh executable? Because the module is simply a wrapper for that anyways.
Originally posted by: mcroach
Possible solution to this eventually may be https://sigstore.dev/ managed by the Linux Foundation. In its current form it appears to support signing of Linux/Windows executables. Not sure if in its current form it could also be used to sign PowerShell modules or if that might be a future option.
Originally posted by: JanDeDobbeleer
@mcroach yup, it was hinted before. Waiting on it to come to life. In theory, having the executable signed should be sufficient.
Originally posted by: sjetha
This Twitter thread has some suggestions: https://twitter.com/mehedih_/status/1411969294724968449?s=21
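Added example, not part of the thread or of oh-my-posh's code: what "signed with Authenticode" means at the file level for a 32-bit installer such as the one discussed above, shown by parsing the PE certificate table that signing populates. The function names and the sample header bytes are constructed for this illustration.

```python
import struct

CERT_DIR_INDEX = 4         # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA, used by Authenticode

def embedded_signatures(data):
    """List WIN_CERTIFICATE entries in a PE image; [] means no embedded signature.
    Presence is not validity: the PKCS#7 blob and its chain are not verified here."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # optional header follows the 4-byte signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)
    if count <= CERT_DIR_INDEX:
        return []
    # Unlike the other data directories, this one holds a file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, dirs + 8 * CERT_DIR_INDEX)
    if off == 0 or size == 0:
        return []
    if off + size > len(data):
        raise ValueError("certificate table runs past end of file")
    entries, pos, end = [], off, off + size
    while pos + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", data, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append({"offset": pos, "length": length,
                        "authenticode": cert_type == PKCS_SIGNED_DATA})
        pos += (length + 7) & ~7  # entries are aligned to 8 bytes
    return entries

def build_sample(signed):
    """Constructed minimal 32-bit PE header for this demo, not a real installer."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    cert = b""
    if signed:
        # Header plus 8 placeholder bytes standing in for the PKCS#7 SignedData.
        cert = struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + b"\0" * 8
        struct.pack_into("<II", opt, 96 + 8 * CERT_DIR_INDEX, 312, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert
```

An empty result is the case the thread describes: no publisher identity in the file, so an allow-list can only key on the per-release hash. On Windows, `Get-AuthenticodeSignature` or `signtool verify` performs the actual signature and chain validation.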