Date: Tue, 19 Jul 2022 13:40:48 +0100
From: Adam Dinwoodie
To: cygwin@cygwin.com
Subject: Re: Fortinet AV reports virus in trust.exe
Message-ID: <20220719124048.7eivxtrruafh5lru@lucy.dinwoodie.org>
Reply-To: cygwin@cygwin.com

On Tue, Jul 19, 2022 at 08:40:48AM +0000, Tuomo Takkula via Cygwin wrote:
> Hi,
>
> Fortinet Antivirus reported W64/Encoder.834E!tr in my local cygwin installation. When I tried to rectify by reinstalling, Fortinet barked on the installation files as well. As this is a company box, I'm somewhat at the end of my tether - cannot inspect or otherwise investigate the file.
> That is, I cannot check whether it's possibly a false positive or not.
>
> What's the usual procedure for this?

https://cygwin.com/faq/faq.html#faq.setup.virus

In short: you'll need to take up the issue with Fortinet and/or your employer's IT department. It's very likely a false positive, and we're not going to be able to help until or unless you can show otherwise.