My security software found a critical vulnerability in log4net.dll in the folder C:\Program Files\WindowsApps\Audirvana.Audirvana-4118-9484-d80dbb7827cd_3.5.51.0_x64__q3nymrkmej12j\Audirvana\log4net.dll (ver 2.0.8.0)
It’s strange that you have this vulnerability popping up right now since it seems to have been here for more than a year. I will take a look at this with Damien as soon as possible.
Most probabily is a false alarm because of that dll behaviour. Audirvana it’s a 100% trusted app so if you installed from here no need to worry. However they can contact the AV company to tell them to remove from blacklist. I trust NOD32, but that’s only my opinion. You can add an exception in AV settings or if you still have concerns reinstall AS (backup your database first).
I also scanned my Audirvana computer today with Eset NOD32, Windows defender, Malwarebytes and Hitman pro. To be sure I also used an online version of Bitdefender.
None of the programs gave a virus- or vulnerability warning about log4net.dll. The whole computer came up ‘clean’.
Seems indeed a false alarm.
If you do the log4net.dll file properties you can see that it is version 2.0.8.0 and according to CVE-2018-1285 it has a vulnerability. The solution is to update the log4net.dll to version 2.0.10 or higer.