Description
Kaspersky File Anti-Virus detected and deleted the official Windows x64 hapi.exe binary as a Trojan.
The detected file appears to be the official binary from the npm package @twsxtd/hapi-win32-x64@0.18.4.
Environment
- OS: Windows
- Package:
@twsxtd/hapi-win32-x64
- Version:
0.18.4
- Binary:
bin/hapi.exe
- Antivirus: Kaspersky
Kaspersky detection details
Application name: node.exe
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: Trojan.Win64.Agent.smghfc
Accuracy: Exact
Threat level: High
Object type: File
Object name: hapi.exe
Object MD5: 6489ABDAC9AC440363E1C51EB30829D7
Verification
I downloaded the official npm tarball:
https://registry.npmjs.org/@twsxtd/hapi-win32-x64/-/hapi-win32-x64-0.18.4.tgz
The npm package integrity checks matched the registry metadata.
Official npm package SHA1:
540b988f30d636b17f67a8c51f0c69c3ea8d8c3bf
Downloaded package SHA1:
540b988f30d636b17f67a8c51f0c69c3ea8d8c3bf
Extracted official package/bin/hapi.exe:
MD5: 6489ABDAC9AC440363E1C51EB30829D7
SHA1: 63818b9cceb3ef9d5ccbc1dad5031e7ef48051ef
SHA256: dbb954e9ef0172f0c14d2e82d7754043cbc200a1d4e82e63a72078b22d68ef08
The MD5 matches the file deleted by Kaspersky, so this appears to be a false positive against the official binary.
Request
Could you please confirm whether this binary is expected and consider reporting this false positive to Kaspersky or documenting the recommended workaround?
Description
Kaspersky File Anti-Virus detected and deleted the official Windows x64
hapi.exebinary as a Trojan.The detected file appears to be the official binary from the npm package
@twsxtd/hapi-win32-x64@0.18.4.Environment
@twsxtd/hapi-win32-x640.18.4bin/hapi.exeKaspersky detection details
Verification
I downloaded the official npm tarball:
The npm package integrity checks matched the registry metadata.
Official npm package SHA1:
Downloaded package SHA1:
Extracted official
package/bin/hapi.exe:The MD5 matches the file deleted by Kaspersky, so this appears to be a false positive against the official binary.
Request
Could you please confirm whether this binary is expected and consider reporting this false positive to Kaspersky or documenting the recommended workaround?