Handle installers blocked by defender virus scan

SECURITY.md

@@ -30,6 +30,10 @@ This information will help us triage your report more quickly.
 
 If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
 
+## Virus and Threat Protection
+
+Winget-Create relies on downloading installers and parsing the package for relevant metadata. **Winget-Create does not scan or protect the user from files that may contain viruses.** As with any downloaded file, please verify that the provided installer URL points to a trusted and verified source. If the installer you have provided is blocked due to virus scanning, please take necessary precautions to protect your machine and visit [Virus Threat Protection in Windows Security](https://support.microsoft.com/en-us/windows/virus-threat-protection-in-windows-security-1362f4cd-d71a-b52a-0b66-c2820032b65e) for more details.
+
 ## Preferred Languages
 
 We prefer all communications to be in English.

src/WingetCreateCLI/Commands/NewCommand.cs

@@ -117,9 +117,25 @@ public override async Task<bool> Execute()
                     PackageParser.ParsePackages(packageFiles, this.InstallerUrls, manifests, out List<PackageParser.DetectedArch> detectedArchs);
                     DisplayMismatchedArchitectures(detectedArchs);
                 }
-                catch (ParsePackageException exception)
+                catch (Exception e)
                 {
-                    exception.ParseFailedInstallerUrls.ForEach(i => Logger.ErrorLocalized(nameof(Resources.PackageParsing_Error), i));
+                    if (e is ParsePackageException parsePackageException)
+                    {
+                        parsePackageException.ParseFailedInstallerUrls.ForEach(i => Logger.ErrorLocalized(nameof(Resources.PackageParsing_Error), i));
+                    }
+                    else if (e is IOException iOException)
+                    {
+                        if (iOException.HResult == -2147024671)
+                        {
+                            // This HResult indicates the installer was blocked by defender scan due to virus detection.
+                            Logger.ErrorLocalized(nameof(Resources.DefenderVirus_ErrorMessage));
+                        }
+                        else
+                        {
+                            Logger.ErrorLocalized(nameof(Resources.Error_Prefix), iOException.Message);
+                        }
+                    }
+
                     return false;
                 }
 

src/WingetCreateCLI/Commands/UpdateCommand.cs

@@ -247,24 +247,27 @@ public async Task<Manifests> UpdateManifestsAutonomously(Manifests manifests)
 
                 DisplayMismatchedArchitectures(detectedArchOfInstallers);
             }
-            catch (InvalidOperationException)
+            catch (Exception e)
             {
-                Logger.ErrorLocalized(nameof(Resources.InstallerCountMustMatch_Error));
-                return null;
-            }
-            catch (ParsePackageException parsePackageException)
-            {
-                parsePackageException.ParseFailedInstallerUrls.ForEach(i => Logger.ErrorLocalized(nameof(Resources.PackageParsing_Error), i));
-                return null;
-            }
-            catch (InstallerMatchException installerMatchException)
-            {
-                Console.WriteLine();
-                Logger.ErrorLocalized(nameof(Resources.NewInstallerUrlMustMatchExisting_Message));
-                installerMatchException.MultipleMatchedInstallers.ForEach(i => Logger.ErrorLocalized(nameof(Resources.UnmatchedInstaller_Error), i.Architecture, i.InstallerType, i.InstallerUrl));
-                installerMatchException.UnmatchedInstallers.ForEach(i => Logger.ErrorLocalized(nameof(Resources.MultipleMatchedInstaller_Error), i.Architecture, i.InstallerType, i.InstallerUrl));
-                Console.WriteLine();
-                Logger.WarnLocalized(nameof(Resources.ResolveMatchingConflicts_Message));
+                if (e is InvalidOperationException)
+                {
+                    Logger.ErrorLocalized(nameof(Resources.InstallerCountMustMatch_Error));
+                }
+                else if (e is IOException)
+                {
+                    Logger.ErrorLocalized(nameof(Resources.DefenderVirus_ErrorMessage));
+                }
+                else if (e is ParsePackageException parsePackageException)
+                {
+                    parsePackageException.ParseFailedInstallerUrls.ForEach(i => Logger.ErrorLocalized(nameof(Resources.PackageParsing_Error), i));
+                }
+                else if (e is InstallerMatchException installerMatchException)
+                {
+                    Logger.ErrorLocalized(nameof(Resources.NewInstallerUrlMustMatchExisting_Message));
+                    installerMatchException.MultipleMatchedInstallers.ForEach(i => Logger.ErrorLocalized(nameof(Resources.UnmatchedInstaller_Error), i.Architecture, i.InstallerType, i.InstallerUrl));
+                    installerMatchException.UnmatchedInstallers.ForEach(i => Logger.ErrorLocalized(nameof(Resources.MultipleMatchedInstaller_Error), i.Architecture, i.InstallerType, i.InstallerUrl));
+                }
+
                 return null;
             }
 
@@ -436,6 +439,7 @@ private async Task UpdateSingleInstallerInteractively(Installer installer)
                 else if (!PackageParser.ParsePackageAndUpdateInstallerNode(installer, packageFile, url))
                 {
                     Logger.ErrorLocalized(nameof(Resources.PackageParsing_Error), url);
+                    Console.WriteLine();
                 }
                 else
                 {

src/WingetCreateCLI/Properties/Resources.resx

@@ -766,4 +766,7 @@
     <value>To resolve matching conflicts manually, use the --interactive flag.</value>
     <comment>`--interactive` - refers to a flag that can be included with the command</comment>
   </data>
+  <data name="DefenderVirus_ErrorMessage" xml:space="preserve">
+    <value>Operation did not complete successfully because the downloaded file contains a virus or potentially unwanted software. For more information on potentially unwanted software and what options are available, see https://aka.ms/winget-create-security</value>
+  </data>
 </root>

src/WingetCreateCore/Common/PackageParser.cs

@@ -294,9 +294,6 @@ public static void UpdateInstallerNodesAsync(
         /// <returns>Boolean indicating whether the package parse was successful.</returns>
         public static bool ParsePackageAndUpdateInstallerNode(Installer installer, string path, string url)
         {
-            // Clean out values from installer which could be present from 
-            InstallerType initialInstallerType = installer.InstallerType.Value;
-
             List<Installer> newInstallers = new List<Installer>();
             bool parseResult = ParseExeInstallerType(path, installer, newInstallers) ||
                 ParseMsix(path, installer, null, newInstallers) ||