[Feature Request] Add FRP antivirus note to documentation/README, maybe make FRP more visible on Windows. #3637
Description
Describe the feature request
FRP is a reverse proxy, which has good uses, but is also useful for getting past firewalls and security.
There are reports of malware using FRP to communicate so that they are not as easily identified:
- Attackers Using FRP (Fast Reverse Proxy) to Attack Korean Companies
- Fast Reverse Proxy Backdoor Analysis Report (IRIS-13302)
On a VirusTotal scan, you can see from the naming that some antiviruses are simply detecting it because of the utility for malware even though the antivirus vendors know it is not malware.
- ESET-NOD32: A Variant Of WinGo/Riskware.Frp.C
- Kaspersky: Not-a-virus:VHO:NetTool.Win64.Convagent.gen
- Sophos: Mal/Generic-S + Fast Reverse Proxy (PUA)
- Symantec: FastReverseProxy
- Zillya: Tool.Frp.Win64.41
- ZoneAlarm by Check Point: Not-a-virus:VHO:NetTool.Win64.Convagent.gen
etc.
Because of this, I doubt that it will stop being detected, and the likely best outcome is FRP still getting detected but marked as Not-a-virus, HackTool, Riskware, etc. so that users are not scared.
The documentation/README should mention this in order to avoid confusion, particularly for Windows users.
Maybe visibility on Windows could also be increased, but it might make it uglier/be a distraction. For example, an icon could appear in the system tray or taskbar when FRPC is running, which would make malware authors more likely to avoid using it.
Describe alternatives you've considered
No response
Affected area
- Docs
- Installation
- Performance and Scalability
- Security
- User Experience
- Test and Release
- Developer Infrastructure
- Client Plugin
- Server Plugin
- Extensions
- Others