docs: document MS Defender / antivirus false-positive flagging of Desktop Commander#544
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
📝 WalkthroughWalkthroughFAQ.md and README.md were updated with antivirus/EDR false-positive guidance for Desktop Commander’s terminal execution, plus a small Jupyter comparison note and a new README anchor for the Docker installation section. ChangesAntivirus/EDR guidance and docs navigation
Estimated code review effort: 1 (Trivial) | ~3 minutes Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@README.md`:
- Around line 823-829: The Docker installation link in the production security
bullet is pointing to a fragment that does not match a resolvable heading, so
update the link target in README to use a real existing anchor or add a matching
named anchor near the Docker installation section. Use the existing “Option 6:
Docker Installation” heading as the reference point and ensure the markdown
fragment matches GitHub’s generated anchor exactly.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
|
Fixed the Docker installation section reference coderabbit flagged. |
rajpratham1
left a comment
There was a problem hiding this comment.
Thanks for adding this documentation! I reviewed the changes and they improve the onboarding experience without affecting functionality.
Highlights:
Documents a common source of confusion where Microsoft Defender or other endpoint security tools may flag Desktop Commander because it executes shell commands through an MCP server.
Clearly explains that these alerts can be expected behavior rather than an indication of malware.
Advises users on managed or enterprise devices to consult their IT/security team before proceeding.
Adds a direct reference from the README to the detailed FAQ entry, making the information easier to discover.
Keeps the documentation concise while setting appropriate expectations for users encountering antivirus or EDR warnings.
Overall, this is a useful documentation improvement that should reduce unnecessary support requests and help users understand expected security alerts. LGTM.
Summary
Document MS Defender / antivirus false-positive flagging of Desktop Commander.
Why this matters
A user (mdunc) on a managed corporate macOS machine reported that Microsoft Defender raised a high-severity "remote shell detected" alert as soon as a terminal command was run through Desktop Commander (DC), because an MCP server executing terminal commands looks like a remote shell to EDR software. The alert nearly got them fired and they were required to uninstall the plugin. It is a false positive, not a real threat. The maintainer (wonderwhy-er, OWNER) responded three times within a day, explicitly agreed "that's on us to make clearer, not on you," and asked for setup details to "warn people properly." The reporter suggested "It may be useful to have a disclaimer or warning added."
Testing
Changes are scoped to the files named in the fix; added or updated tests where the project has a suite, and matched existing conventions.
Fixes #511
Summary by CodeRabbit