1.0.5.4 marked as malware by Defender

[Deadmoo5e]

Hello just downloaded 1.0.5.4 and it was marked by Defender as malware Behavior:Win32/DefenseEvasion.A!ml

VirusTotal doesn't show anything suspicious https://www.virustotal.com/gui/file/0a0febdffa2fa03edaffff2a939bfcd770f32b459faff8df0f343dbdeb9867dc?nocache=1

I have been using LightAMP for more than a year now, what changed?

[GiR-Zippo]

It's a false positive.

My bet what is causing this maybe (cuz defender isn't telling me why it's detected):

• the obvious: MS got some new signatures and some of them are reporting false positives now
• the memory reader alias Sharlayan, which is required to read some informations of the client. (https://github.com/GiR-Zippo/LightAmp/tree/main/BardMusicPlayer.Seer/Reader/Backend/Sharlayan)
• machina, which is used to get the packet stream and read if the char is equipped, the ensemble request and the data when the world was changed (https://github.com/GiR-Zippo/LightAmp/tree/main/BardMusicPlayer.Seer/Reader/Backend/Machina) Specially machina got some changes recently, cuz SE was introducing oodle.

Oh, defender even told me once the 32bit lib of melanchall is malicious (thet's the midi processing lib). The 64bit one was fine... I'm gonna take a look what is causing defender to nag...

Edit: My defender isn't nagging anymore... can't even find a trace when it was complaining about the LA, but I know it was complaining... -.-

[Deadmoo5e]

Hello thanks for reply.

My Defender doesn't detect anything at the moment either. Prolly something was wrong with yesterday Defender signature update.