Windows Service Wrapper WinSW.exe is reported in Microsoft Defender as Threat #1083

Open
seedwa opened this issue Apr 18, 2024 · 1 comment
seedwa commented Apr 18, 2024

Summary
When Windows Defender scans WinSW.exe, it reports a security issue "PUABundler:Win32/CandyOpen".

Steps to reproduce

  1. Download WinSW.exe (any version reports issues)
  2. Scan with Defender by right-clicking on the executable and selecting Defender

Environment

  • WinSW version: any will report
  • WinSW package type: any will cause this issue
  • Windows version: 10 and 11
  • Wrapped executable and version: WinSW in Jenkins Version 2.440.3 LTS also reports. Even the jenkins.msi reports the same issue due to the tagged WinSW binary

Possible Solution

Unknown

@seedwa seedwa added the bug label Apr 18, 2024
Contributor

daniel-beck commented Apr 18, 2024

@seedwa Do you have any reason to believe this is a true positive finding?

https://en.wikipedia.org/wiki/OpenCandy

OpenCandy was an adware module and a potentially unwanted program classified as malware by many anti-virus vendors. … After massive criticism of the software occurred, it was eventually discontinued in August of 2016.

This looks very wrong and should be reported as such to Microsoft.

From them, it doesn't appear to be a different, recent finding either.

Microsoft doesn't have any details on PUABundler:Win32/CandyOpen unfortunately.
