RPCS3 / rpcs3

PlayStation 3 emulator and debugger
https://rpcs3.net/
GNU General Public License v2.0

Windows Defender detects Trojan:Script/Wacatac.B!ml #15309

Open cihanwoicke opened 7 months ago

cihanwoicke commented 7 months ago

Quick summary

Download on Windows 11 fails because Windows Defender blocks the file.

Details

Either downloading the latest Windows build from https://rpcs3.net/download or updating from within an existing RPCS3 installation fails with a Windows Defender warning for the newest build:

https://github.com/RPCS3/rpcs3-binaries-win/releases/download/build-bb809c865fc6830ad877abae30126a5879c610cd/rpcs3-v0.0.31-16198-bb809c86_win64.7z

Attach a log file

RPCS3.log

Attach capture files for visual issues

No response

System configuration

Windows 11 Version 23H2 (Build 22631.3235)

Other details

No response

MSuih commented 7 months ago

Modern antivirus programs use machine-learning-based algorithms to detect suspicious patterns in code and then flag those as potential viruses. It is good at catching viruses that try to obfuscate their code, but it causes a lot of false positives in less-common software.

The only thing we can do is ask users to report it as false positive to Microsoft and then pray that either they fix their stuff or that a future build contains slightly different code patterns that don't get flagged.

AniLeo commented 7 months ago

Not our bug. You can report it to Microsoft as a false positive, as was mentioned, and add the RPCS3 folder to the whitelist.

marcjuhl commented 7 months ago

I submitted a report...

https://www.microsoft.com/en-us/wdsi/submission/651323db-abf5-429a-b6db-47218ba60a7e

AniLeo commented 7 months ago

Thanks. We can't see the status of the ticket, but please update here if you get a reply.

You are not authorized to view details for the requested submission id

marcjuhl commented 7 months ago

The analyst comment says no malware detected

j77h commented 7 months ago

It's a 7z file. A lot of clean 7z files are getting blocked by Defender. But not all of them - it's quite erratic - the same file can be blocked one minute and not blocked later, or vice versa. Google for "defender" "7z" "wacatac".