Hello.
Lately I am getting dozens of emails claiming my software contains a Trojan.
Of course that isn't the case but when I went to investigate, Microsoft Defender flags EVERYTHING (no matter how complex or simple the program is) as:
Microsoft - Trojan:Win32/Wacatac.B!ml
I cannot find any way to get around this detection. VirusTotal has the usual suspects (bad AVs) who give clear false positives, but this one is ugly since it is "Microsoft" and it says "Trojan".
I tried creating a Hello World in C# and packing it with the latest Enigma, and VirusTotal immediately shows the Microsoft detection (+ bad AVs).
Does anyone know of anything that can be done here?
Thank you,
Regards.
Massive MS Defender Issue
-
- Posts: 6
- Joined: Sun May 22, 2022 6:50 pm
Re: Massive MS Defender Issue
https://www.microsoft.com/en-us/wdsi/fi ... eDeveloper
"What do you believe this file is?" --> "Incorrectly detected as malware/malicious"
Re: Massive MS Defender Issue
GameShield wrote: ↑Thu Feb 01, 2024 8:05 am
https://www.microsoft.com/en-us/wdsi/fi ... eDeveloper
"What do you believe this file is?" --> "Incorrectly detected as malware/malicious"

Thank you.
I made the report but detections are just rising. A simple packed (clean project, nothing changed in options) 32-bit "Hello World" gives 20 detections, including the Defender one.
I have used Enigma for almost 10 years and I have never seen anything like this.
Re: Massive MS Defender Issue
I have submitted the files and it came back clean. They removed the detection.
But now, after packing, Defender assigns it a new "threat": Microsoft - Trojan:Win32/Sabsik.FL.A!ml with a "Severe" threat level. It is a "Hello World" application...
I guess the only way is to sign the files.
So for anyone in the future, be aware of this. For example, Malwarebytes AntiMalware won't blink on this because there is nothing malicious going on but MSDefender will jump at Enigma immediately after packing is complete. You don't even have to run the file...