ExcelDna64.xll tripping antivirus

wach...@gmail.com

unread,

Dec 1, 2021, 4:15:06 PM12/1/21

to Excel-DNA

Hello,

My company's AV is flagging ExcelDna64.xll as containing malware. Here is a public report on it:

https://www.virustotal.com/gui/file/2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf/detection/f-2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf-1637305436

Obviously I don't think any of the devs would put something in there on purpose, but before we whitelist it, I wanted to check with the community to see if anyone can shed some light on this. I am using NuGet to download the package, but I also verified that the .zip from GitHub also trips the AV.

Thank you,

Gabriel

Govert van Drimmelen

unread,

Dec 1, 2021, 4:53:30 PM12/1/21

to Excel-DNA

Hi Gabriel,

I believe this is a false positive.

You can check the earlier discussions:

The ExcelDna.ManagedHost.AddInInitialize.Initialize call failed / ExcelDna.Integration.dll 1.5.0 flagged as containing malware by Windows Defender · Issue #413 · Excel-DNA/ExcelDna (github.com)

Major Virus guards detecting the ExcelDna.xll as MSIL/TrojanDropper.Agent.FGU and deleting! · Issue #403 · Excel-DNA/ExcelDna (github.com)

Unable to load ExcelDna.ManagedHost (google.com)

-Govert

Bob Calco

unread,

Dec 3, 2021, 11:22:53 PM12/3/21

to Excel-DNA

Govert,

I am concerned about relying on ExcelDNA if MS Windows Defender is going to be continually disrupting distribution of the framework with false positive virus scans.

What should we do to deal with this, and what is a reasonable expectation for this problem being solved so it doesn't happen again?

I love ExcelDNA's design. I love the fact I can use the Excel C API in UDFs, and the COM API in UX components. I like the illusion of ParamArrays that Registration provides. But if I have to worry that customers will get false positives every time there is a new release, this is not a good thing, and I have to consider using more pedestrian approaches.

MS seems to be promoting ExcelDNA. I learned about it from the F# community. But as a corporate user, I am seriously considering not using it if I have to tell users to add my installer or executable to Windows Defender exclusion lists.

How soon can 1.5.x be blessed by MS so I can stick with it? Or how, exactly, can this risk be mitigated?

Gareth Hayter

unread,

Dec 20, 2021, 9:24:52 PM12/20/21

to Excel-DNA

Hi Guys

This is where we need to submit our files, to tell the Microsoft Defender that our files are false positives:

https://www.microsoft.com/en-us/wdsi/filesubmission?persona=SoftwareDeveloper

Hopefully if enough of us submit our files it will make a difference.

Good luck,

Gareth.

Reply all

Reply to author

Forward