I have been using kubectl.exe every day for several years, but today it was put in quarantine by Avast when trying to run the kubectl command in gitbash. (See attached photos).
The installed version of kubectl has not been updated since January this year.
I suspect it might be a false threat, since kubectl is all about accessing Kubernetes clusters remotely. I don’t know how the inner mechanics are working here, but kubectl may be confused for malicious software trying to use SSH to access machines.
Since it is quite a big job to reinstall Windows on this machine, I would like to ask if this infection seems like a real threat?
You can send it to Avast for analysis from within the Quarantine area.
You could, at your own risk, also Restore it, adding an exception at the same time.
Your screenshot (pixel size) is so massive as to be almost unreadable, especially on a 1080p screen.
Since Avast does not send replies to submissions, does that mean I have to update definitions in a couple of days, restore the file and see if it still is moved to quarantine?
You can create a new folder on your drive named, say, Avast-Samples (or something memorable so you know what it is for), and add that to the Avast Exclusions. Now you can use the Extract option to send it to that folder without Avast alerting using the link below.
It could be that it may not be detected when you move it to the normal location; it may be being detected because of its actions when running. You can give some information on the issue when submitting the file for analysis; you could also give a link back to this topic.
Thank you for your detailed response. Much appreciated.
I’m doing a Windows reinstall anyway, just in case. Funnily enough, when trying to download installation media for Windows 11, Avast said that the download site for win11 "software-static.download.prss.microsoft.com/…" was on a blacklist…
I see in another post here today that another person also has problems with various dev tools, including kubectl, so it might be a false alarm.