Massive MS Defender Issue

RobertK
Posts: 17
Joined: Wed May 25, 2011 10:19 am

Massive MS Defender Issue

Post by RobertK »

Hello.

Lately I am getting dozens of emails claiming my software contains a Trojan.

Of course that isn't the case but when I went to investigate, Microsoft Defender flags EVERYTHING (no matter how complex or simple the program is) as:

Microsoft - Trojan:Win32/Wacatac.B!ml

I cannot find any way to get around this detection. VirusTotal has the usual suspects (bad AVs) who give clear false positives, but this one is ugly since it is "Microsoft" and it says "Trojan".

I tried creating a Hello World in C# and packing it with the latest Enigma, and VirusTotal immediately shows a Microsoft detection (+ bad AVs).

Does anyone know of anything that can be done here?

Thank you,
Regards.
GameShield
Posts: 6
Joined: Sun May 22, 2022 6:50 pm

Re: Massive MS Defender Issue

Post by GameShield »

https://www.microsoft.com/en-us/wdsi/fi ... eDeveloper
"What do you believe this file is?" --> "Incorrectly detected as malware/malicious"
RobertK
Posts: 17
Joined: Wed May 25, 2011 10:19 am

Re: Massive MS Defender Issue

Post by RobertK »

GameShield wrote: Thu Feb 01, 2024 8:05 am
https://www.microsoft.com/en-us/wdsi/fi ... eDeveloper
"What do you believe this file is?" --> "Incorrectly detected as malware/malicious"

Thank you.

I made the report, but detections are just rising. Simply packed (clean project, nothing changed in options), a 32-bit "Hello World" gives 20 detections including the Defender one.

I have used Enigma for almost 10 years and I have never seen anything like this.
RobertK
Posts: 17
Joined: Wed May 25, 2011 10:19 am

Re: Massive MS Defender Issue

Post by RobertK »

I have submitted the files and it came back clean. They removed the detection.

But now after packing, Defender assigns it a new "threat": Microsoft - Trojan:Win32/Sabsik.FL.A!ml with "Severe" threat level. It is a "Hello World" application...

I guess the only way is to sign the files.

So for anyone in the future, be aware of this. For example, Malwarebytes AntiMalware won't blink at this because there is nothing malicious going on, but MS Defender will jump at Enigma immediately after packing is complete. You don't even have to run the file...
GameShield
Posts: 6
Joined: Sun May 22, 2022 6:50 pm

Re: Massive MS Defender Issue

Post by GameShield »

RobertK wrote: Thu Feb 01, 2024 11:14 am
I made the report but detections are just rising

It takes some time for them to check the file and remove the detection.