Kali Linux Now in Windows Store, but Defender Flags Its Packages as Threats!

Status: Not open for further replies.

LASER_oneXM (Thread author), Feb 4, 2016
The penetration testing and security auditing platform called Kali Linux is now available in the Windows 10 Store as a Linux environment that can be used with the Windows Subsystem for Linux (WSL). The problem is someone forgot one little thing. Some of Kali's more popular packages are detected as hacktools and exploits by Windows Defender.

[Image: kali-windows-store.jpg]


For those not familiar with Kali Linux, it is a Linux distribution geared towards penetration testing, forensics, reversing, and security auditing. Using Kali you can download a variety of security related programs such as Metasploit, Armitage, Burp, and more and use them to test your network for security holes.

In order to use Kali, you will first need to install the Windows Subsystem for Linux from the Windows Features control panel. Once installed, you can go to the Windows Store, search for Kali Linux, and install it for free.

Once you get Kali running and start installing tools, though, you run into a problem. Kali will appear to hang and ultimately error out, while Windows Defender begins to display virus alerts.

It appears that the developers in Microsoft's WSL team forgot to tell the Windows Defender team about Kali Linux's availability. This is because some of Kali's packages will be detected as hacktools, viruses, and exploits when you try to install them!

[Image: quarantined-threats.jpg, captioned "Windows Defender Quarantined These Kali Packages"]
If you take a look at one of the detected threat's details, you can clearly see that some of the Metasploit components are being detected by Windows Defender when we try to install it in Kali.
Deleted member 65228

The detections aren't false positives, because the detections really are picking up harmful content. However, obviously a researcher needing to use them for experimental purposes can white-list and ignore the detections.

Anyone who is downloading those packages is going to understand what they are for so they will know to white-list and ignore the detection... Only requires a few clicks to do, big deal. Lmao
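The install procedure in the opening post and the "white-list and ignore" advice above, as an added PowerShell example that is not from the article or from either poster: it enables the WSL feature, locates the Kali Store package's root filesystem on the Windows side, lists only the Defender detections that hit files under that directory, and scopes any exclusion to that one path instead of turning protection off. It assumes the Store package name contains "Kali", the WSL1 `LocalState\rootfs` layout, and an elevated shell.

```powershell
# Added example (not from the article or the thread). Assumes: Kali installed from
# the Store (package name contains "Kali"), WSL1 rootfs under LocalState, elevated shell.

# Step 1 of the article's procedure: enable the WSL feature (a reboot is still needed).
function Enable-WslFeature {
    Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -NoRestart
}

# Locate the Kali distro's root filesystem as Defender sees it on the Windows side.
function Get-KaliRootFs {
    $pkg = Get-AppxPackage | Where-Object { $_.Name -like '*Kali*' } | Select-Object -First 1
    if (-not $pkg) { throw 'Kali Linux Store package not found; install it from the Store first.' }
    Join-Path $env:LOCALAPPDATA "Packages\$($pkg.PackageFamilyName)\LocalState\rootfs"
}

# List only the detections whose flagged resource lives inside that rootfs, so the
# user can see exactly which Kali/Metasploit files were quarantined before deciding.
function Get-KaliDetections {
    param([string]$RootFs = (Get-KaliRootFs))
    Get-MpThreatDetection | Where-Object {
        $_.Resources -match [regex]::Escape($RootFs)
    } | ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = ($_.Resources -join '; ')
        }
    }
}

# Exclude the Kali rootfs directory only; real-time protection stays on for the host.
# Returns the exclusion entry as Defender now records it, so the change can be verified.
function Add-KaliExclusion {
    param([string]$RootFs = (Get-KaliRootFs))
    Add-MpPreference -ExclusionPath $RootFs
    (Get-MpPreference).ExclusionPath | Where-Object { $_ -eq $RootFs }
}

Get-KaliDetections | Format-Table -AutoSize
```

Run `Get-KaliDetections` first and call `Add-KaliExclusion` only after confirming every listed file is one you expect from the Kali packages you installed.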
Deleted member 65228

> Really?! Cool! So does it run in a VM-like environment inside Windows? So is there any benefit of running it that way vs dual boot?

Use it in a research/testing environment, not your home user environment. It will potentially leave the system more vulnerable in the case of compromise by an attacker, easing their work if the attack is e.g. a backdoor.

Don't add what you don't truly need on your main home system, less is more.
 