Windows Defender identifies dnscrypt-proxy.exe as Trojan:Win32/Wacatac.B!ml

bitbeans / SimpleDnsCrypt

A simple management tool for dnscrypt-proxy

https://simplednscrypt.org

MIT License

2.27k stars 234 forks source link

Windows Defender identifies dnscrypt-proxy.exe as Trojan:Win32/Wacatac.B!ml #492

Open achidler opened 4 years ago

achidler commented 4 years ago

Starting from two days ago Windows Defender identifies dnscrypt-proxy.exe as Trojan:Win32/Wacatac.B!ml, removes the file and renders Simple DnsCrypt inoperable. Several other anti virus products started doing that as well:

https://simple-dnscrypt.en.lo4d.com/virus-malware-tests

How can the problem be solved?

jedisct1 commented 4 years ago

https://blogs.msdn.microsoft.com/elyasse/2010/08/09/where-to-submit-sample-malware-or-report-false-positives-for-microsoft-security-essentials/ https://www.microsoft.com/en-us/wdsi/filesubmission

achidler commented 4 years ago

https://www.virustotal.com/gui/file/e0cef7ed2218e5b2a289ddbc0d85be6bfb40c4143f390827bafe4956341afe45/detection

18 (including McAfee, Bitdefender and Microsoft) of 72 engines detect the file as infected.

jedisct1 commented 4 years ago

Yes, and magically, the 64 bit version of the exact same code has zero detection 😂

achidler commented 4 years ago

Please don't missunderstand me. I'm not saying that there is any malware in Simple DnsCrypt. All I'm saying is that currently some big antivirus engines, for whatever reason, detect dnscrypt-proxy.exe as infected and that in itself is certainly a problem for many.

jedisct1 commented 4 years ago

Please report it to these vendors. They all have ways to report false positives.