[BUG]: Analyzer.exe is getting deleted by antivirus as it is determined to be malicious by several security vendors #1811

Open
@RadhaKrishnaRajoju

Description

Is there an existing issue for this?

  • I have searched the existing issues

Category of Bug / Issue

Analyzer bug

Current Behavior

Analyzer.exe is getting deleted by antivirus as it is determined to be malicious by several security vendors.
Please find the inputs from the security team:

"
There are two different versions of Analyzer.exe that were determined to be malicious by several security vendors. They have triggered incidents and were blocked/deleted by Defender. You can check file details as below:

https://www.virustotal.com/gui/file/6465c483dea37ac161400c22697b0a3600b5d09476a2595c94de121094cd5d73/detection

https://www.virustotal.com/gui/file/5dc009facd67fb1174bbb324a172dae11b2bebb9599dcbbd31f928c1c57cb52d/detection

Both versions were created at “2021-01-11 15:47:08 UTC” and they are not signed. Can we ask the team if they can obtain a signed or newer version? If not, do we have evidence that these are legitimate tools?
"

Expected Behavior

No response

Steps To Reproduce

No response

Relevant log output or Exception details

Sample Query

Operating System

Windows

Version

latest via Databricks CLI
