Payara Server 5.2020.4 Trojan:Script/Oneeva.A!ml

I just faced off an strange event when I tried to download the lastest Payara Server Community Full Edition (5.2020.4) on Payara website or on maven: Windows Defender made a trojan alert.

The detected threat is Trojan:Script/Oneeva.A!ml on the payara-5.2020.4.zip file.

I haven't the issue on multi-language or older version.

Have you any info about that?

It looks much like a false positive. I tried running Windows Defender against Payara 5.2020.4 on my computer and it also claimed it detected the same threat, on the file glassfish/modules/war-util.jar in the ZIP. However, it doesn't detect any threat on 5.2020.3. I uploaded the Payara zip with the detected thread to https://www.virustotal.com/gui/home/upload and it shows that no virus scanning engine reports the ZIP as infected. Then I unpacked the war-util.jar from Payara ZIP and ran Windows Defender scan on it, and WD reported 44 files scanned and no threat. So evidently it's a false alarm and WD doesn't go into the file to confirm it really contains threats.

There are people on the internet that also came across Windows Defender detecting the same threat for other file, sometimes even files they created with a serious software, like a spreadsheet created in MS Excel. All of those look like false positives.

One particular case, for example (described here: https://answers.microsoft.com/en-us/windows/forum/all/trojanscriptoneevaaml/1a76e5c3-3ac4-4aea-a37d-51c2a1b40a17?page=3):

• excel file used daily for many years
• no other detection for this specific infection
• detection is designated as an "!ml" (e.g. Machine Learning) type, which is AI based (not signature)

In another case, a user was running Norton A/V, which didn't report any threat. When stopped Norton A/V to update Windows Defender, WD detected this threat immediately on a file that was also previously scanned by Norton A/V without any threat detected.