Skip to content

docs: document MS Defender / antivirus false-positive flagging of Desktop Commander#544

Open
mvanhorn wants to merge 2 commits into
wonderwhy-er:mainfrom
mvanhorn:fix/511-docs-defender-false-positive-warning
Open

docs: document MS Defender / antivirus false-positive flagging of Desktop Commander#544
mvanhorn wants to merge 2 commits into
wonderwhy-er:mainfrom
mvanhorn:fix/511-docs-defender-false-positive-warning

Conversation

@mvanhorn

@mvanhorn mvanhorn commented Jul 9, 2026

Copy link
Copy Markdown

Summary

Document MS Defender / antivirus false-positive flagging of Desktop Commander.

Why this matters

A user (mdunc) on a managed corporate macOS machine reported that Microsoft Defender raised a high-severity "remote shell detected" alert as soon as a terminal command was run through Desktop Commander (DC), because an MCP server executing terminal commands looks like a remote shell to EDR software. The alert nearly got them fired and they were required to uninstall the plugin. It is a false positive, not a real threat. The maintainer (wonderwhy-er, OWNER) responded three times within a day, explicitly agreed "that's on us to make clearer, not on you," and asked for setup details to "warn people properly." The reporter suggested "It may be useful to have a disclaimer or warning added."

Testing

Changes are scoped to the files named in the fix; added or updated tests where the project has a suite, and matched existing conventions.

Fixes #511

Summary by CodeRabbit

  • Documentation
    • Updated the FAQ with new troubleshooting guidance for antivirus/Microsoft Defender “remote shell” false positives, including a dedicated question and explanation for flagged terminal command execution.
    • Expanded the FAQ’s Jupyter notebook comparison guidance to recommend using both tools together for data science/analysis.
    • Refreshed the README security warnings with a new second item about antivirus/EDR false positives (linked to the FAQ) and adjusted the warning order.
    • Added an explicit anchor before the Docker installation section for easier navigation.

@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cc6eee76-2c57-471c-a90e-4a0c50c74a43

📥 Commits

Reviewing files that changed from the base of the PR and between c64dc55 and 16283a1.

📒 Files selected for processing (1)
  • README.md
✅ Files skipped from review due to trivial changes (1)
  • README.md

📝 Walkthrough

Walkthrough

FAQ.md and README.md were updated with antivirus/EDR false-positive guidance for Desktop Commander’s terminal execution, plus a small Jupyter comparison note and a new README anchor for the Docker installation section.

Changes

Antivirus/EDR guidance and docs navigation

Layer / File(s) Summary
FAQ troubleshooting and comparison notes
FAQ.md
Adds a Table of Contents link and troubleshooting section for Microsoft Defender or antivirus remote-shell alerts, and adds a Jupyter comparison sentence.
README anchor and security warning
README.md
Adds a stable in-page anchor for the Docker installation section and inserts an antivirus/EDR false-positive warning into the security warnings list.

Estimated code review effort: 1 (Trivial) | ~3 minutes

Possibly related PRs

Suggested labels: size:S

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Out of Scope Changes check ⚠️ Warning The FAQ adds an unrelated Jupyter notebooks recommendation that is outside the Defender warning request. Remove or separate the Jupyter notebooks comparison change unless it is part of a linked documentation objective.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and concisely describes the main documentation change about antivirus false-positive warnings.
Linked Issues check ✅ Passed The README and FAQ updates add the requested Defender/antivirus false-positive warning for managed machines.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 823-829: The Docker installation link in the production security
bullet is pointing to a fragment that does not match a resolvable heading, so
update the link target in README to use a real existing anchor or add a matching
named anchor near the Docker installation section. Use the existing “Option 6:
Docker Installation” heading as the reference point and ensure the markdown
fragment matches GitHub’s generated anchor exactly.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f1aac71b-9c60-47f0-a68d-064d852a1845

📥 Commits

Reviewing files that changed from the base of the PR and between d627e1b and c64dc55.

📒 Files selected for processing (2)
  • FAQ.md
  • README.md

Comment thread README.md Outdated
@mvanhorn

mvanhorn commented Jul 9, 2026

Copy link
Copy Markdown
Author

Fixed the Docker installation section reference coderabbit flagged.

@rajpratham1 rajpratham1 left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for adding this documentation! I reviewed the changes and they improve the onboarding experience without affecting functionality.

Highlights:

Documents a common source of confusion where Microsoft Defender or other endpoint security tools may flag Desktop Commander because it executes shell commands through an MCP server.
Clearly explains that these alerts can be expected behavior rather than an indication of malware.
Advises users on managed or enterprise devices to consult their IT/security team before proceeding.
Adds a direct reference from the README to the detailed FAQ entry, making the information easier to discover.
Keeps the documentation concise while setting appropriate expectations for users encountering antivirus or EDR warnings.

Overall, this is a useful documentation improvement that should reduce unnecessary support requests and help users understand expected security alerts. LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

MS Defender flags as remote shell

2 participants