sixem / ivfi-php

IVFi is a directory indexer that aims to make it easy to browse and explore web-accessible directories.
https://git.five.sh/ivfi/
108 stars, 18 forks

Windows Defender Threat Issue #48

Closed zaisty closed 7 months ago

zaisty commented 7 months ago


Describe the bug: Windows 11, after downloading v1.23, detects a trojan. Please fix it.

Expected behavior: Clean file.

sixem commented 7 months ago

Hmm, you're right. I've had this happen before when using 7z. It's a false positive (Wacatac) that is common with archived files, unfortunately. I'll investigate it a bit, to see if there's a different way I can package or ship them for now.

Edit: I've removed them for now, and there appears to be an issue with the build files. It could very well just be the updated URL that is being falsely detected as bad. I'll do a bit more testing to see if that's the case. I'll continue checking.

sixem commented 7 months ago

Update: So, it seems that the latest Windows Defender update detects this as a false positive. I don't think I can do much about this until it is resolved on their end. I've submitted a false detection report now, so hopefully this gets resolved soon.

For now, I'd recommend just using the older version (assuming that isn't affected as well). Again, it's an open source project, the changes are visible to anyone, and the code is all here if anyone is worried about this.

I've seen other repositories have similar problems, so it's not super uncommon, but annoying nonetheless. I just hope this'll get fixed as soon as possible.


Another update: I got a response from the analyst.


Hopefully this is now fixed in one of the next updates of Windows Defender :crossed_fingers:

sixem commented 7 months ago

For some added context, this issue appears to affect a lot of similar projects lately; even simple .js, .php and .htm(l) files are being falsely detected as malicious now. These are a few similar and very recent issues I found by doing a quick search for "Wacatac":

https://github.com/materializecss/materialize/issues/473
https://github.com/googlefonts/googlefonts-project-template/issues/168
https://github.com/jackchenzlp/dataVgeojson/issues/2
https://github.com/s60sc/ESP32-CAM_MJPEG2SD/issues/408
https://github.com/SheepTester/htmlifier/issues/156
https://github.com/estroBiologist/pluralchum/issues/42

I pinned this issue for visibility, even though it's not really an issue I can do much about; I'll leave it open for a bit.

Hopefully this all gets sorted soon.

sixem commented 7 months ago

It appears to be fixed now, so I've re-added the release packages.

If the problem should re-appear in the future, I'd recommend just building it yourself, using an older version or just excluding it from detection. I'll try to regularly test the release packages in the near future as well, to see if this fix actually is persistent on Microsoft's end, and if not — submit further files for analysis.


The steps for obtaining the latest definitions and clearing the cache:

  1. Open a command prompt as administrator and change directory to C:\Program Files\Windows Defender
  2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
  3. Run "MpCmdRun.exe -SignatureUpdate"
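The following PowerShell script is an added example, not code from the ivfi-php project or from the thread's participants. It wraps the three steps above and adds the check a defender would actually want: it records the loaded signature version before and after the refresh (via `Get-MpComputerStatus`), then runs an on-demand Defender scan of just the downloaded release archive so you can tell whether the Wacatac detection still fires against the new definitions. The archive path is a placeholder parameter; the script assumes an elevated session on a machine where Defender is the active AV.

```powershell
# Added example (not part of the ivfi-php project): refresh Defender definitions
# as described in the issue, then re-scan a downloaded release archive to see
# whether the false positive is still triggered with the new signatures.
# Run from an elevated PowerShell session. The default archive path is a placeholder.
#Requires -RunAsAdministrator
param(
    [string]$ArchivePath = "$env:USERPROFILE\Downloads\ivfi-release.zip"  # placeholder, adjust to your download
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path $mpCmdRun)) { throw "MpCmdRun.exe not found at $mpCmdRun" }

function Get-SignatureInfo {
    # Get-MpComputerStatus exposes the currently loaded AV signature version and its age.
    $s = Get-MpComputerStatus
    [pscustomobject]@{
        Version = $s.AntivirusSignatureVersion
        Updated = $s.AntivirusSignatureLastUpdated
    }
}

$before = Get-SignatureInfo
Write-Host "Signatures before: $($before.Version) (updated $($before.Updated))"

# Steps 2 and 3 from the issue: drop the cached dynamic signatures, then fetch fresh ones.
& $mpCmdRun -removedefinitions -dynamicsignatures
& $mpCmdRun -SignatureUpdate

$after = Get-SignatureInfo
Write-Host "Signatures after:  $($after.Version) (updated $($after.Updated))"

# On-demand scan of only the archive. -ScanType 3 is Defender's custom scan of a file or folder.
if (-not (Test-Path $ArchivePath)) {
    Write-Host "Archive $ArchivePath not found; skipping scan."
    return
}
& $mpCmdRun -Scan -ScanType 3 -File $ArchivePath
# MpCmdRun returns 0 when nothing was found and 2 when a threat was detected.
if ($LASTEXITCODE -eq 0) {
    Write-Host "No detection on $ArchivePath with signature version $($after.Version)"
} else {
    Write-Host "Detection still reported (exit code $LASTEXITCODE). Most recent Defender detections:"
    Get-MpThreatDetection |
        Sort-Object InitialDetectionTime -Descending |
        Select-Object -First 5 InitialDetectionTime, ThreatID, Resources
}
```

Recording the signature version alongside the scan result is what makes a follow-up false-positive report useful: the analyst needs to know which definition set produced the detection, and the version string from `Get-MpComputerStatus` is exactly that. If the scan is clean after the refresh but a later update re-introduces the detection, re-running this script gives you the before/after versions to cite.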