VMware Workstation

  • 1.  Malware attacking VMs from the host itself using Workstation?

    Posted Aug 30, 2024 12:27 PM

    I see a 2-year-old Reddit post asking about this, but I thought I'd check as that could have changed by now.

    I have a client that is reporting that our latest installer flags their ransomware tool when talking to our hardware over a network connection... which is 99.9% likely to be a false positive as the network protocol is a fully custom binary protocol and we're just not an important target.

    I've been looking through reported vulnerabilities... but it's not a normal process for me so I want to make sure I don't miss anything.

    I have an old build environment VM that for unsupported vendor tool reasons has to stay running Windows XP and VS 2008 and some other stuff. This is in a VM running from my Windows 11 desktop via Workstation. It's only on during the very short windows I need to check code out of Perforce source control and build something. It's also firewalled at the host to only allow a connection to that Perforce server on that service's TCP port (set to a non-standard port number as well)... so for all intents and purposes it's invisible and unreachable over the network.

    I've already verified the web hosting file matches the file on the build VM itself, with both MD5 and SHA1 sum matches (individually vulnerable, but both together can't be faked).


    Just to do my due diligence, I am looking to make sure there's no known malware that uses an infected desktop to attack that VM. There aren't any Perforce vulnerabilities... at least for the Linux-based server.
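
The comparison described in the post above (the build VM's copy of the installer against the copy on the web host), as an added Python example that is not part of the original post. It goes beyond the post by computing SHA-256 alongside MD5 and SHA-1 in a single read of each file; the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# md5 and sha1 are the digests named in the post; sha256 is an addition here.
ALGORITHMS = ("md5", "sha1", "sha256")


def file_digests(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once, in chunks, and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def compare_copies(build_copy, hosted_copy):
    """Return (all_match, report); report maps each check to True/False."""
    left, right = file_digests(build_copy), file_digests(hosted_copy)
    report = {name: hmac.compare_digest(left[name], right[name])
              for name in ALGORITHMS}
    report["size"] = os.path.getsize(build_copy) == os.path.getsize(hosted_copy)
    return all(report.values()), report


def demo():
    """Constructed sample data: two identical files and one altered copy."""
    samples = (("build", b"MZ" + b"\x00" * 4096),
               ("hosted", b"MZ" + b"\x00" * 4096),
               ("altered", b"MZ" + b"\x00" * 4095 + b"\x01"))
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, body in samples:
            paths[name] = os.path.join(tmp, name + ".exe")
            with open(paths[name], "wb") as handle:
                handle.write(body)
        return (compare_copies(paths["build"], paths["hosted"]),
                compare_copies(paths["build"], paths["altered"]))


if __name__ == "__main__":
    for label, (ok, report) in zip(("build vs hosted", "build vs altered"), demo()):
        print(label, "MATCH" if ok else "MISMATCH", report)
```

Matching digests show only that the hosted file is the same file the build VM produced; they say nothing about whether that build output is clean.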



  • 2.  RE: Malware attacking VMs from the host itself using Workstation?

    Posted Sep 17, 2024 12:03 PM

    Review your VM and host system logs for any suspicious or unexpected activity.