Closed sortofsleepy closed 5 months ago
This is a false positive. If you want to make sure it doesn't happen, you can recompile the compiler yourself very easily.
Sounds good! Thanks for the quick response.
I'm unable to replicate it on an up-to-date Windows 10. Is there a way to submit the executable to Microsoft for analysis from the quarantine? It's definitely a false positive as Bill says.
@Kelimion
I'm not sure as I've never tried to submit anything. That said it probably isn't a good idea; from the quick research I did it does sound like a legitimate Trojan (not in this particular situation of course). (EDIT sorry lack of sleep - I'm dumb, of course it's legitimate)
But it might be good to add a note to the readme or something along those lines mentioning that it might be possible to run into this.
@gingerBill @Kelimion - sorry to bother again but just an FYI, I just tried things after rebuilding the compiler from the master branch and things are still getting flagged for some reason.
Will add project to my exceptions list but it might be good to make a note somewhere in case it comes up for someone else.
I'm having the same issue 😢 (Windows 11, odin: dev-2024-02).
@doongjohn I know I checked but since I couldn't quite remember the results, I just double checked again with another malware scanner (Malwarebytes) and it didn't report anything; given that and Kelimion's results, I wouldn't worry about it.
Just add your project folder to the whitelist for Defender and that should stop it from automatically trying to clean up the executable.
Antivirus machine learning heuristics are notoriously prone to false positives. Compiling Odin from source rather than using the release zip may also help.
I think there is some confusion here. The person who created the issue says that the exe that the compiler outputted gets the false virus flag. I.e. it is not the Odin compiler that gets flagged, but the exe the compiler outputs. Using the precompiled odin compiler or compiling the odin compiler yourself does not have any impact on this as far as I know.
When I released my game on itch people who downloaded it had Windows Defender claim it contained the Win32/Wacatac.B!ml trojan and the exe was removed.
What I did to work around this:
Somehow I got my exe fixed, maybe it was because of step 3, but I'm not sure. Just make sure virustotal.com does not mark it as infected (especially not by Microsoft) before sending it out.
In any case, it does seem like the Odin compiler somehow outputs exes that for some reason look similar specifically to the Win32/Wacatac.B!ml trojan, regardless if you built the Odin compiler locally or not.
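The pre-release check this comment recommends (confirm that VirusTotal, and the Microsoft engine in particular, does not flag the exe before sending it out), as an added example that is not part of the original comment or of the Odin project. It assumes the file's VirusTotal API v3 report has already been fetched as JSON; `release_gate`, `sha256_of` and the sample report are hypothetical names and constructed data.

```python
import hashlib

CLEAN = {"harmless", "undetected"}

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results); "ExampleEngineA/B" are placeholders.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "Microsoft": {"category": "malicious", "result": "Trojan:Win32/Wacatac.B!ml"},
    "ExampleEngineA": {"category": "undetected", "result": None},
    "ExampleEngineB": {"category": "timeout", "result": None},
}}}}


def sha256_of(path):
    """Hash the build artifact; the SHA-256 is the id used to look up its report."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def release_gate(report, required=("Microsoft",)):
    """Return (ok, blockers, other_flags) for one file report.

    ok is True only if every engine in `required` returned a clean category.
    A missing, timed-out or failed verdict blocks too: no answer is not "clean".
    """
    results = report.get("data", {}).get("attributes", {}).get("last_analysis_results", {})
    blockers = []
    for engine in required:
        entry = results.get(engine)
        if entry is None:
            blockers.append(f"{engine}: no verdict in report")
        elif entry.get("category") not in CLEAN:
            blockers.append(f"{engine}: {entry.get('category')} ({entry.get('result')})")
    # Engines outside `required` are reported for review but do not block.
    other_flags = sorted(
        name for name, entry in results.items()
        if name not in required and entry.get("category") in {"malicious", "suspicious"}
    )
    return (not blockers, blockers, other_flags)


if __name__ == "__main__":
    ok, blockers, other_flags = release_gate(SAMPLE_REPORT)
    print("ship" if ok else "hold", blockers, other_flags)
```

A passing gate only reflects the online verdict at scan time: a later comment in this thread reports the local Windows Defender still removing a file that Microsoft's site had marked clean.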
I just had this issue today again. Like I said above I reported it to MS using this link https://www.microsoft.com/en-us/wdsi/filesubmission (choose the 'software developer' option). When I finished the false positive report on there and uploaded the exe, then the site said that it did not contain a virus. After that I did a rescan using virustotal.com. And behold: The detection from Microsoft was gone.
I take the statement above back. Suddenly Windows Defender started removing the file that was OK 5 mins ago again. Now Microsoft online says that my file is clean, but my computer says it is not, despite having up-to-date Windows Defender definitions.
@doongjohn @sortofsleepy A good idea might be to submit any exe this happens with to MS on this link https://www.microsoft.com/en-us/wdsi/filesubmission -> choose 'software developer'. When you make the report make sure to write what trojan the false detection is, and also tell them it was compiled using the Odin Programming Language compiler and that this kind of false detection tends to happen often with programs compiled using the Odin compiler. I'm trying to make them notice this issue, hopefully at some point their heuristics learn to recognize the harmless Odin programs :)
👋 Hello! Came across Odin not too long ago. Given the unfortunate state of tech at the moment I find myself with a lot of free time, Odin looked interesting and so I thought I'd give it a try today.
Or so I thought... *cue dramatic music
I'm assuming what I'm experiencing is just a false positive, but just to be safe, I thought I ought to bring it up first. I somehow failed to notice the release I downloaded was a nightly - is that possibly part of the issue?
Thanks! 🍻
Context
The following Odin program
when built and run, causes Windows Defender (assuming it's passively active) to quarantine the resulting .exe, claiming it's associated with the trojan Win32/Wacatac.B!ml
System
Expected Behavior
Windows Defender should not get triggered and not claim to find a Trojan.
Current Behavior
Windows Defender claims a Trojan exists.
Steps to Reproduce
Please provide detailed steps for reproducing the issue.