Well, you’ve already executed one file I made so I don’t see how this is exposing you to any additional risk.
In addition to that, if you actually look at the VirusTotal report you’ll see this:
Let’s look at those three engines which detected it:
Searching that first one will bring you these results:
Notice how one of those image results is a report with 2 detections? That’s pretty similar to this case, and would either mean that Cynet is better than the ~68 other antiviruses, or that it’s a false positive. You’ll also notice that the last result in the list refers to Cynet accusing rustup-init.exe of being “malicious (score: 100)”. That file is a programming tool developed by the Rust programming language foundation. Guess what language quite a bit of the SMF and its tools are developed in? Unless Cynet has discovered a conspiracy that even Microsoft doesn’t know about, I doubt that it’s particularly trustworthy.
DeepInstinct is not a very well-known company, and you won’t really find much googling for it and VirusTotal. You will find this though:
Symantec, the company who creates Norton (the antivirus which once flagged Spotify as a trojan, though that was a while ago, the company which deliberately whitelisted a keylogger made by the FBI and the company who “has been criticized by some consumers for perceived ethical violations, including allegations that support technicians would tell customers that their systems were infected and needed a technician to resolve it remotely for an extra fee”), is not necessarily bad at their job. You will however notice that the detection note is “ML.Attribute.HighConfidence”. The ML here stands for “Machine Learning”; this detection was made by an AI purely based on how the program seems. My only guess here is that it flags anything which reads the registry and system files, though that is a lot of programs.
I’m not sure why your Defender flagged it as a trojan, given this:
It may however have flagged it as being uncommonly downloaded, which usually triggers a scary warning intended to protect people from little-known malware and in practice usually happens to anything whatsoever.
If you don’t trust the 67 antiviruses that say it’s safe, you could also verify it yourself by looking at the 88 total lines of code which make up the program:
use std::fs;

use anyhow::{Context, Result};
use registry::{Data, Hive, Security};
use serde_json::{to_string, Value};

fn main() {
    // Non-fatal problems (e.g. a manifest that is not valid JSON) are collected here
    // and written out next to the results instead of aborting the run.
    let mut errors = vec![];

    (|| -> Result<()> {
        // One entry per EOS manifest found: (AppName, AppName, DisplayName, MainGameAppName).
        let mut bla = vec![];

        // The manifest directory comes from the Epic Online Services key under the
        // current user's hive; the key is only opened for reading (Security::Read).
        if let Ok(hive) = Hive::CurrentUser.open(r#"Software\Epic Games\EOS"#, Security::Read) {
            match hive.value("ModSdkMetadataDir") {
                Ok(Data::String(d)) => {
                    if let Ok(entries) = fs::read_dir(d.to_string_lossy()) {
                        // Only regular files are considered; entries that cannot be
                        // inspected are skipped.
                        for entry in entries
                            .filter_map(|x| x.ok())
                            .filter(|x| x.file_type().ok().map(|ft| ft.is_file()).unwrap_or(false))
                        {
                            if let Ok(manifest_data) = serde_json::from_slice::<Value>(
                                &fs::read(entry.path()).with_context(|| {
                                    format!("Reading EOS manifest {}", entry.path().display())
                                })?,
                            ) {
                                // Every field must exist and be a string; otherwise `?` aborts
                                // the closure and the error is written to data.json below.
                                // AppName is pushed twice; the tuple layout is kept as-is.
                                bla.push((
                                    manifest_data
                                        .get("AppName")
                                        .context("AppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("AppName")
                                        .context("AppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("DisplayName")
                                        .context("DisplayName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                    manifest_data
                                        .get("MainGameAppName")
                                        .context("MainGameAppName")?
                                        .as_str()
                                        .context("as_str")?
                                        .to_owned(),
                                ));
                            } else {
                                // Not valid JSON: record the raw contents and keep going.
                                errors.push(format!(
                                    "Could not parse manifest with contents '{}' as JSON",
                                    fs::read_to_string(entry.path()).with_context(|| {
                                        format!("Reading EOS manifest {}", entry.path().display())
                                    })?
                                ))
                            }
                        }
                    } else {
                        fs::write(
                            "data.json",
                            "[\"Could not read entries of mod SDK metadata dir\"]",
                        )?;
                        panic!("Wrote error to data.json")
                    }
                }
                _ => {
                    fs::write(
                        "data.json",
                        "[\"Could not read ModSdkMetadataDir as string\"]",
                    )?;
                    panic!("Wrote error to data.json")
                }
            }
        }

        // Results and collected errors are written together as one JSON pair.
        fs::write("data.json", to_string(&(bla, errors))?)?;
        Ok(())
    })()
    .unwrap_or_else(|e| {
        // Any error propagated out of the closure ends up in data.json as a
        // one-element array.
        fs::write("data.json", to_string(&[e.to_string()]).unwrap()).unwrap();
        panic!("Wrote error to data.json")
    });
}