Question

Produce steps: manually download the latest BSS, windows defender error pop out, cant reproduce it with 3.9.1, what happened?

Coincidentally, I just noticed that today about an hour or so ago.
The faulty file appears to be the embedded tcdcommons-3.9.2+fabric-1.20.1.jar file. For obvious reasons, this jumpscared me as well.

I ran further tests on VirusTotal, for Better Stats and TCDCommons, but nothing was found. I then tried using KVRT, but it too did not spot anything. Altho strangely, when unzipping the tcdcommons jar file, the Windows Defender detections suddenly stop.

My best guess is that somehow, the stars have aligned, and I managed to produce a file that has the same hash as some obscure virus file out there, creating a false-positive. I do not know how to resolve this other than compile and publish a new version. And of course, Microsoft being Microsoft, they made their website a liteal maze to navigate (because I was trying to see if there was a way to report a false-positive).

Update:

I just found a file submission form on Microsoft's website, and used it to submit the flagged file through there in hopes that that'll resolve the issue. Next up, I guess we just wait and hope the issue gets resolved. If not, then I think publishing a new version would resolve the issue.

Update 2: I received a response from Microsoft;

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus

Thank you for contacting Microsoft.

^ The above text is their response.

So I guess the issue is resolved now.
Thank you once again for reporting the issue!

In case anyone else wants to follow the instrustions given in the response, the administrative command prompt commands are:

cd C:\Program Files\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate

Thanks :D, thing is working, close this thread now, thanks again

Hi, sorry for bothering you again, todays afternoon i was able to download 3.9.2, but now im facing the same problem again, and ive tried to clear cached detections again as what uve provided the steps but have no luck, could you please test it again?

I actually dont know what is going on.. i tried clear cached detections again and now it works.. i love microsoft

Yeah, I personally noticed that in my experience Microsoft's products in general tend to be buggy from time to time.
Hopefully it doesn't cause any further issues.