From 55577ac794abf9eebd5bc73c3be8d97850dacc37 Mon Sep 17 00:00:00 2001
From: Alan Jowett
Date: Sun, 14 Apr 2024 11:32:45 -0700
Subject: [PATCH] Workaround for malware false positives
Signed-off-by: Alan Jowett
---
 .github/workflows/ebpf.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ebpf.yml b/.github/workflows/ebpf.yml
index 8d2be360..15e4e4f7 100644
--- a/.github/workflows/ebpf.yml
+++ b/.github/workflows/ebpf.yml
@@ -109,9 +109,12 @@ jobs:
 New-item -ItemType Directory -Path ${{ github.workspace }}\ETL
 # Install the latest anti-malware signatures for Windows Defender to prevent false positives.
+ # Windows Defender incorrectly flags some of the test binaries as malware.
 - name: Download latest anti-malware signatures for Windows Defender
 run: |
- Update-MpSignature
+ Update-MpSignature -Verbose
+ Start-MpScan -ScanType QuickScan
+ Add-MpPreference -ExclusionPath ${{ github.workspace }}
 - name: Download ebpf-for-windows
 uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe
@@ -305,3 +308,10 @@ jobs:
 if (Test-Path ${{ github.workspace }}\xdp) { Remove-Item -Recurse -Force ${{ github.workspace }}\xdp }
 if (Test-Path ${{ github.workspace }}\cts-traffic) { Remove-Item -Recurse -Force ${{ github.workspace }}\cts-traffic }
 if (Test-Path ${{ github.workspace }}\ETL) { Remove-Item -Recurse -Force ${{ github.workspace }}\ETL }
+
+ - name: Restore Windows Defender exclusions
+ run: |
+ Remove-MpPreference -ExclusionPath ${{ github.workspace }}
+ Update-MpSignature -Verbose
+ Start-MpScan -ScanType QuickScan
+
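Review bot: `Add-MpPreference -ExclusionPath ${{ github.workspace }}` in the first hunk switches off Defender scanning for the whole workspace, which is presumably also where the following `actions/download-artifact` step writes, so every downloaded or built file in the job goes unscanned rather than only the test binaries that trigger the false positive. Narrow the exclusion to the directory holding those binaries, e.g. `Add-MpPreference -ExclusionPath "${{ github.workspace }}\<test-binary-dir>"` (placeholder; the real path is not visible in this hunk), and quote the argument so a workspace path with spaces still parses. The step is still named `Download latest anti-malware signatures for Windows Defender`; rename it so the exclusion shows up in the job log. The job header is outside the hunk, so whether the runner is persistent cannot be confirmed here; if it is, this preference survives the job unless the later removal step runs.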
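Review bot: The `Restore Windows Defender exclusions` step added in the second hunk carries no `if:` condition, so a failure in any earlier step skips it and leaves the workspace exclusion in Defender's preferences on the runner; add `if: always()` directly under its `name:` line. It is also placed after the `Remove-Item` cleanup lines, so the files that ran while excluded may already be deleted when `Start-MpScan -ScanType QuickScan` runs; lifting the exclusion before cleanup would let Defender see them. The name suggests exclusions are being put back while the step removes one, so `Remove Windows Defender workspace exclusion` would describe it better. The cleanup step's own header is outside the hunk, so its condition is not visible.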