hannesmann / vanillafixes

Client modification for WoW 1.6.1-1.12.1 to eliminate stutter and animation lag
MIT License
162 stars 21 forks

Trojan:AndroidOS/Multiverze False positive #22

Closed maybedisp closed 1 year ago

maybedisp commented 1 year ago

Windows Defender is detecting version 1.3 as Trojan:AndroidOS/Multiverze (false positive), but the old version works without the antivirus freaking out. This seems to be a repeat of #17.

hannesmann commented 1 year ago

I tried scanning all three ZIP files but I still can't reproduce the detection. Not sure what could be done to fix this :/ https://i.imgur.com/IvyVrQR.png

maybedisp commented 1 year ago

Strange, I even tried removing/clearing AV definitions/dynamic signatures and rescanned the file, and it still gets detected.

hannesmann commented 1 year ago

I figured out why it wasn't detected for me: I had "Cloud-delivered protection" turned off. vanillafixes-1.3.zip is detected as "Trojan:AndroidOS/Multiverze" and vanillafixes-1.3-dxvk-legacy.zip is detected as "Trojan:Script/Wacatac.H!ml", but vanillafixes-1.3-dxvk.zip is not detected.

I couldn't get VanillaFixes.exe to trigger any detection, and Android apps are ZIP files, which leads me to believe that Defender is detecting the ZIP file itself as a virus and not the contents (which is really stupid).

I submitted vanillafixes-1.3.zip to Microsoft and removed vanillafixes-1.3-dxvk-legacy.zip. They responded pretty fast in #17 so hopefully the false positive will be removed soon.

hannesmann commented 1 year ago

Screenshot (4)