koboldcpp-1.62.2.tar.gz is detected as Trojan:Script/Wacatac.B!ml by Windows Security

[savareyhano]

A trojan is detected by Windows Security after finished downloading the 'koboldcpp-1.62.2.tar.gz' from the koboldcpp-1.62.2 releases page.

[LostRuins]

It's a false positive. Though I think you downloaded the wrong file - for windows you should download KoboldCpp.exe instead. The tar.gz archive contains source code and is intended for people who want to build kobold from source.

If you can extract the tarball and find which file within the archive is causing issues, that would be good.

For reference, here's the virustotal results for that archive. Feel free to cross examine it or upload it for scanning yourself. https://www.virustotal.com/gui/file/ac300262d43c9b1ec4fcbbec7614f37bfbb69e9ce302a73f4af06885d04efd98

[VL4DST3R]

Just so you know, I got the same warning for the exe as well, but didn't bother to post about it since I also figured it was a false positive. I am a bit curious however why is this being detected as such now?

[LostRuins]

My guess is probably there is something in the pyinstaller build that is tripping one of window's machine learning cloud heuristics. Note the detection name as Wacatac.B!ml, which is a generic catch-all for anything flagged by ML detection, as microsoft continues to modify and tweak their algorithms.

Hopefully this does not occur in future builds, but it's not something I can control.