First off, I'm new to GrapheneOS but really loving it so far! Can you help with a sanity check on something I'm sure is a false positive? My SeedVault backups go to Nextcloud and I back up app data and apps. All has been fine. Last night I logged into a Win11 box and when Nextcloud did a sync, a file in my SeedVault was flagged as a trojan by Microsoft Defender (Trojan:Script/Sabsik.FL.A!ml).
This is confusing because I would think Microsoft Defender is doing a hash signature check and these files are encrypted... even if there was a trojan it would be encrypted and likely not detected.
I cleared my backups, did a fresh one and got the same result.
Then I cleared my backups again, did another fresh backup and nothing was detected by Bitdefender or Microsoft Defender. Which further makes me think it's a false positive.
There are minimal apps on the phone and only well-known apps from trusted sources.
My main desktop is running Linux and not scanning this backup so it just surprised me when Win11 "found" something.
Has anyone else seen this? I'm wondering if a pile of encrypted files somehow tripped the crappy Defender to think ransomware or something. Appreciate your thoughts.