Windows Defender Peeks as Trojan Wacatac.G!ml

Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Post by Saki »

I would like to describe a problem to you here once.
It does not concern me currently, since I have been bypassing it habitually for a long time.

For the sake of simplicity, I am posting a code here,
my StringFields_BF, which is detected as a Trojan,
and below the code with the workaround I usually use.

But take the StringFields_BF from its thread for use in your software,
because these codes here are just a snapshot and may change in the future:
viewtopic.php?f=12&t=77219

With respect, this is some bullshit. :shock:

d12_m06_2021 - Win10 Pro 10.0.19043 Build 19043
Serious=Schwerwiegend - Low=Niedrig
Image

The Defender means, this is the Trojan Wacatac.G!ml. :twisted: :o

Code:

DeclareModule StringFields_BF
  EnableExplicit
  
  ; Main function - Call firstly
  ; Start index :
  ;  0 = Add a virtual separator at the first
  ;  1 = first index
  ; -1 = Add a virtual separator at the end
  ; -2 = Add a virtual separator at the first and the end
  Declare StringFields_BF(string$,               ; String to parse - Adress - set so @string$
                          separator$,            ; Separator
                          start_index=1,         ; Start index
                          end_index=-1,          ; Index up to which is searched - -1 = full string size, all
                          ignore_empty_fields=1) ; Ignore empty fields
  
  ; Child funktions - call at the first the main function
  
  Declare.s GetStringFields_BF(field) ; Get a selected StringField
  
  Declare GetAmountStringFields_BF()  ; Get the StringFields amount
  
  Declare GetEmptyStringFields_BF()   ; Get the empty StringFields amount
  
  Declare FreeAllStringFields_BF()    ; Free the actual cached StringField list
  
  Declare SortStringFields_BF(flags.a=0,      ; Flags - (optional) - #PB_Sort_Ascending,  #PB_Sort_Descending, #PB_Sort_NoCase
                              start_field=-1, ; Start field for sort - Ignore with -1
                              end_field=-1)   ; End field for sort   - Ignore with -1
  
  ; Find a string in a StringField
  ; This function give back the Stringfield number or 0
  Declare FindStringFields_BF(find_string$,                    ; Search string
                              start_position=1,                ; Startposition inside a StringField
                              flag.a=#PB_String_CaseSensitive, ; Flag - #PB_String_CaseSensitive (preset), #PB_String_NoCase 
                              start_field=-1,                  ; Ignore with -1
                              end_field=-1)                    ; Ignore with -1
EndDeclareModule

Module StringFields_BF
  
  Global NewList index() : AddElement(index())
  Global NewList indexes.s() : AddElement(indexes())
  Global empty_fields, skip_first
  
  Procedure StringFields_BF(string$, separator$, start_index=1, end_index=-1, ignore_empty_fields=1)
    ; StringField_Tool_BF - By Saki - Unicode - This code is free for using and enhancing
    Select start_index
      Case 0 : Protected add_first=1 : Case -1 : Protected add_last=1 : Case -2 : add_first=1 : add_last=1
    EndSelect
    start_index=1
    Protected i, ii, iii, iiii, pos_1, pos_2, length_result, comp, count_index, amount_indexes
    Protected len_separator=StringByteLength(separator$), skip_first, skip_last, *string=@string$
    Protected *separator=@separator$, *pointer.word, byte_pos_last, result$ 
    If end_index<0 : end_index=$FFFFFFF : EndIf
    If end_index=0 : ProcedureReturn 0 : EndIf
    If start_index>end_index : start_index=end_index : EndIf
    If Not PeekW(*string) : ProcedureReturn 0 : EndIf
    ClearList(index()) : AddElement(index())
    ClearList(indexes()) : AddElement(indexes())
    If comp=CompareMemory(*string, *separator, len_separator)
      end_index+1 : count_index+1 : skip_first=1
    EndIf
    If add_first
      If skip_first And start_index : start_index-2 : end_index-1: EndIf
    Else
      If skip_first And start_index : start_index-1 : EndIf 
    EndIf
    i=-2
    Repeat
      i+2 : comp=CompareMemory(*string+i, *separator, len_separator)
      If comp
        iii=i : count_index+1 : ii+1 : i+len_separator-2 : amount_indexes+1
        AddElement(index()) : index()=i+2
      EndIf 
      *pointer=*string+i+len_separator
    Until count_index>end_index Or Not *pointer\w
    iiii=i
    byte_pos_last=iii+len_separator
    If comp=CompareMemory(*string+i-len_separator-1, *separator, len_separator) : skip_last=1 : EndIf
    If end_index>count_index : end_index=count_index : EndIf
    amount_indexes=ii : i=skip_first
    If start_index>amount_indexes : start_index=amount_indexes-1 : EndIf
    i+start_index+skip_first+skip_last
    If skip_first : i-1 : EndIf : If skip_last : i-1 :  EndIf
    If amount_indexes
      Repeat 
        If ListSize(index())>i : SelectElement(index(), i) : pos_1=index() : EndIf
        If ListSize(index())>i+1 : SelectElement(index(), i+1) : pos_2=index() : EndIf
        length_result=(pos_2-pos_1-len_separator)>>1
        If pos_2-pos_1>0
          If length_result>0
            result$=PeekS(*string+pos_1, length_result) : AddElement(indexes()) : indexes()=result$ 
          Else 
            empty_fields+1
            If ignore_empty_fields : result$=#Null$ : Else : result$="" : AddElement(indexes()) : EndIf         
          EndIf
        EndIf
        skip_first=0 : i+1
      Until i>end_index Or i=amount_indexes
      If add_last And skip_last
        result$=PeekS(*string+byte_pos_last, (iiii-byte_pos_last+len_separator)>>1)
        AddElement(indexes()) : indexes()=result$ 
      EndIf
    EndIf
    ProcedureReturn 1
  EndProcedure
  
  Procedure.s GetStringFields_BF(field)
    If field <1 : ProcedureReturn "" : EndIf
    SelectElement(indexes(), field)   
    If field<ListSize(indexes())
      ProcedureReturn indexes()
    EndIf
  EndProcedure
  
  Procedure GetAmountStringFields_BF()
    ProcedureReturn ListSize(indexes())-1
  EndProcedure 
  
  Procedure GetEmptyStringFields_BF()
    ProcedureReturn empty_fields+skip_first 
  EndProcedure
  
  Procedure FreeAllStringFields_BF()
    ClearList(index())
    AddElement(index())
    ClearList(indexes())
    AddElement(indexes())
    empty_fields=0
    ProcedureReturn 1
  EndProcedure
  
  Procedure SortStringFields_BF(flags.a=0, start_field=-1, end_field=-1)
    If start_field>0 And end_field>1 And end_field<=ListSize(indexes())
      SortList(indexes(), flags, start_field, end_field-1)
      ProcedureReturn 2
    Else
      SortList(indexes(), flags)
      ProcedureReturn 1
    EndIf  
  EndProcedure
  
  Procedure FindStringFields_BF(find_string$,
                                start_position=1,
                                flag.a=#PB_String_CaseSensitive,
                                start_field=-1,
                                end_field=-1)
    Protected i, result$
    If end_field>ListSize(indexes()) : end_field=ListSize(indexes()) : EndIf
    If start_field>0 And end_field>1
      end_field-1
      For i=start_field To end_field
        SelectElement(indexes(), i) : result$=indexes()
        If FindString(result$, find_string$, start_position, flag)
          ProcedureReturn i
        EndIf
      Next
    EndIf
    ProcedureReturn 0
  EndProcedure
  
EndModule
UseModule StringFields_BF

; #################### Demo  part #######################
CompilerIf #PB_Compiler_IsMainFile
  EnableExplicit
  
  Define separator$=" "
  Define i, index, start_index, end_index, result$, string$
  
  string$=" Hello i am a splitted String, i am StringFields_BF "
  
  Define multiplier=15 ; Enlarge the Teststring - 15 is about 1.7mb (20=54mb) - Deactivate the debugger for large values
  
  If multiplier>1 : For i=1 To multiplier : string$+string$ : Next i : EndIf
  
  Define len_string=Len(string$)
  
  start_index=1 ; Start index
                ;  0 = Add a virtual separator at the first
                ;  1 = first index
                ; -1 = Add a virtual separator at the end
                ; -2 = Add a virtual separator at the first and the end
  
  end_index=-1 ; Index up to which is searched - -1 = full string size, all
  
  Debug "Start Index : "+start_index
  
  Debug "End Index : "+end_index
  
  Define ignore_empty_fields=1
  
  Define time=ElapsedMilliseconds()
  
  Define parsing_time=ElapsedMilliseconds()
  
  Define amount_fields=StringFields_BF(string$, separator$, start_index, end_index, ignore_empty_fields)
  
  Define parsing_time=ElapsedMilliseconds()-parsing_time
  
  Debug "String parsing time : "+parsing_time
  Debug "String length : "+Len(string$)
  Debug "StringFields found : "+GetAmountStringFields_BF()
  Debug "Empty StringFields found : "+GetEmptyStringFields_BF()
  Debug "=============================="
  Debug "I only display the first nine StringFields here"
  Debug "=============================="
  
  ; Sort the StringFields
  ; Define flags.a=#PB_Sort_Ascending|#PB_Sort_NoCase
  ; Define start_field=1
  ; Define end_field=9
  ; flags (optional) - #PB_Sort_Ascending,  #PB_Sort_Descending, #PB_Sort_NoCase
  ; SortStringFields_BF(flags.a, start_field, end_field)
  
  For index=1 To 9
    result$=GetStringFields_BF(index)
    Debug result$
  Next 
  
  ; Find a string in a StringField
  Define find_string$="am"
  Define start_position=1
  Define flags.a=#PB_Sort_Ascending ; #PB_Sort_NoCase
  Define start_field=1
  Define end_field=9 ; GetAmountStringFields_BF()
  Define found
  Debug "=============================="
  Debug "I only search the first nine StringFields here"
  Debug "=============================="
  Debug "Search for : "+find_string$
  For i=1 To end_field
    found=FindStringFields_BF(find_string$, start_position, flags.a, start_field, end_field)
    If found
      start_field=found+1
      Debug "Found in StringField : "+found
    EndIf
  Next
  
  MessageRequester("Deactivate the Debugger",
                   "String parsing time : "+parsing_time+#LF$+               
                   "String length : "+Len(string$)+#LF$+
                   "StringFields found : "+GetAmountStringFields_BF()+#LF$+
                   "Empty StringFields found : "+GetEmptyStringFields_BF())
CompilerEndIf

This is the standard code with the usual workaround

Code:

DeclareModule StringFields_BF
  EnableExplicit
  
  ; Main function - Call firstly
  ; Start index :
  ;  0 = Add a virtual separator at the first
  ;  1 = first index
  ; -1 = Add a virtual separator at the end
  ; -2 = Add a virtual separator at the first and the end
  Declare StringFields_BF(string$,               ; String to parse - Adress - set so @string$
                          separator$,            ; Separator
                          start_index=1,         ; Start index
                          end_index=-1,          ; Index up to which is searched - -1 = full string size, all
                          ignore_empty_fields=1) ; Ignore empty fields
  
  ; Child funktions - call at the first the main function
  
  Declare.s GetStringFields_BF(field) ; Get a selected StringField
  
  Declare GetAmountStringFields_BF()  ; Get the StringFields amount
  
  Declare GetEmptyStringFields_BF()   ; Get the empty StringFields amount
  
  Declare FreeAllStringFields_BF()    ; Free the actual cached StringField list
  
  Declare SortStringFields_BF(flags.a=0,      ; Flags - (optional) - #PB_Sort_Ascending,  #PB_Sort_Descending, #PB_Sort_NoCase
                              start_field=-1, ; Start field for sort - Ignore with -1
                              end_field=-1)   ; End field for sort   - Ignore with -1
  
  ; Find a string in a StringField
  ; This function give back the Stringfield number or 0
  Declare FindStringFields_BF(find_string$,                    ; Search string
                              start_position=1,                ; Startposition inside a StringField
                              flag.a=#PB_String_CaseSensitive, ; Flag - #PB_String_CaseSensitive (preset), #PB_String_NoCase 
                              start_field=-1,                  ; Ignore with -1
                              end_field=-1)                    ; Ignore with -1
EndDeclareModule

Module StringFields_BF
  
  Global NewList index() : AddElement(index())
  Global NewList indexes.s() : AddElement(indexes())
  Global empty_fields, skip_first
  
  Procedure StringFields_BF(string$, separator$, start_index=1, end_index=-1, ignore_empty_fields=1)
    ; StringField_Tool_BF - By Saki - Unicode - This code is free for using and enhancing
    Select start_index
      Case 0 : Protected add_first=1 : Case -1 : Protected add_last=1 : Case -2 : add_first=1 : add_last=1
    EndSelect
    start_index=1
    Protected i, ii, iii, iiii, pos_1, pos_2, length_result, comp, count_index, amount_indexes
    Protected len_separator=StringByteLength(separator$), skip_first, skip_last, *string=@string$
    Protected *separator=@separator$, *pointer.word, byte_pos_last, result$ 
    If end_index<0 : end_index=$FFFFFFF : EndIf
    If end_index=0 : ProcedureReturn 0 : EndIf
    If start_index>end_index : start_index=end_index : EndIf
    If Not PeekW(*string) : ProcedureReturn 0 : EndIf
    ClearList(index()) : AddElement(index())
    ClearList(indexes()) : AddElement(indexes())
    If comp=CompareMemory(*string, *separator, len_separator)
      end_index+1 : count_index+1 : skip_first=1
    EndIf
    If add_first
      If skip_first And start_index : start_index-2 : end_index-1: EndIf
    Else
      If skip_first And start_index : start_index-1 : EndIf 
    EndIf
    i=-2
    Repeat
      i+2 : comp=CompareMemory(*string+i, *separator, len_separator)
      If comp
        iii=i : count_index+1 : ii+1 : i+len_separator-2 : amount_indexes+1
        AddElement(index()) : index()=i+2
      EndIf 
      *pointer=*string+i+len_separator
    Until count_index>end_index Or Not *pointer\w
    iiii=i
    byte_pos_last=iii+len_separator
    If comp=CompareMemory(*string+i-len_separator-1, *separator, len_separator) : skip_last=1 : EndIf
    If end_index>count_index : end_index=count_index : EndIf
    amount_indexes=ii : i=skip_first
    If start_index>amount_indexes : start_index=amount_indexes-1 : EndIf
    i+start_index+skip_first+skip_last
    If skip_first : i-1 :  EndIf : If skip_last  : i-1 :  EndIf
    If amount_indexes
      Repeat 
        If ListSize(index())>i : SelectElement(index(), i) : pos_1=index() : EndIf
        If ListSize(index())>i+1 : SelectElement(index(), i+1) : pos_2=index() : EndIf
        length_result=pos_2-pos_1-len_separator
        If pos_2-pos_1>0
          If length_result>0
            result$=Space(length_result>>1)
            CopyMemory(*string+pos_1, @result$, length_result)
            AddElement(indexes()) : indexes()=result$ 
          Else 
            empty_fields+1
            If ignore_empty_fields : result$=#Null$
            Else 
              result$="" : AddElement(indexes())
            EndIf         
          EndIf
        EndIf
        skip_first=0 : i+1
      Until i>end_index Or i=amount_indexes
      If add_last And skip_last
        result$=Space((iiii-byte_pos_last+len_separator)/2)
        CopyMemory(*string+byte_pos_last, @result$, iiii-byte_pos_last+len_separator)
        AddElement(indexes()) : indexes()=result$ 
      EndIf
    EndIf
    ProcedureReturn 1
  EndProcedure
  
  Procedure.s GetStringFields_BF(field)
    If field <1 : ProcedureReturn "" : EndIf
    SelectElement(indexes(), field)   
    If field<ListSize(indexes())
      ProcedureReturn indexes()
    EndIf
  EndProcedure
  
  Procedure GetAmountStringFields_BF()
    ProcedureReturn ListSize(indexes())-1
  EndProcedure 
  
  Procedure GetEmptyStringFields_BF()
    ProcedureReturn empty_fields+skip_first 
  EndProcedure
  
  Procedure FreeAllStringFields_BF()
    ClearList(index())
    AddElement(index())
    ClearList(indexes())
    AddElement(indexes())
    empty_fields=0
    ProcedureReturn 1
  EndProcedure
  
  Procedure SortStringFields_BF(flags.a=0, start_field=-1, end_field=-1)
    If start_field>0 And end_field>1 And end_field<=ListSize(indexes())
      SortList(indexes(), flags, start_field, end_field-1)
      ProcedureReturn 2
    Else
      SortList(indexes(), flags)
      ProcedureReturn 1
    EndIf  
  EndProcedure
  
  Procedure FindStringFields_BF(find_string$,
                                start_position=1,
                                flag.a=#PB_String_CaseSensitive,
                                start_field=-1,
                                end_field=-1)
    Protected i, result$
    If end_field>ListSize(indexes()) : end_field=ListSize(indexes()) : EndIf
    If start_field>0 And end_field>1
      end_field-1
      For i=start_field To end_field
        SelectElement(indexes(), i) : result$=indexes()
        If FindString(result$, find_string$, start_position, flag)
          ProcedureReturn i
        EndIf
      Next
    EndIf
    ProcedureReturn 0
  EndProcedure
  
EndModule
UseModule StringFields_BF

; #################### Demo  part #######################
CompilerIf #PB_Compiler_IsMainFile
  EnableExplicit
  
  Define separator$=" "
  Define i, index, start_index, end_index, result$, string$
  
  string$=" Hello i am a splitted String, i am StringFields_BF "
  
  Define multiplier=15 ; Enlarge the Teststring - 15 is about 1.7mb (20=54mb) - Deactivate the debugger for large values
  
  If multiplier>1 : For i=1 To multiplier : string$+string$ : Next i : EndIf
  
  Define len_string=Len(string$)
  
  start_index=1 ; Start index
                ;  0 = Add a virtual separator at the first
                ;  1 = first index
                ; -1 = Add a virtual separator at the end
                ; -2 = Add a virtual separator at the first and the end
  
  end_index=-1 ; Index up to which is searched - -1 = full string size, all
  
  Debug "Start Index : "+start_index
  
  Debug "End Index : "+end_index
  
  Define ignore_empty_fields=1
  
  Define time=ElapsedMilliseconds()
  
  Define parsing_time=ElapsedMilliseconds()
  
  Define amount_fields=StringFields_BF(string$, separator$, start_index, end_index, ignore_empty_fields)
  
  Define parsing_time=ElapsedMilliseconds()-parsing_time
  
  Debug "String parsing time : "+parsing_time
  Debug "String length : "+Len(string$)
  Debug "StringFields found : "+GetAmountStringFields_BF()
  Debug "Empty StringFields found : "+GetEmptyStringFields_BF()
  Debug "=============================="
  Debug "I only display the first nine StringFields here"
  Debug "=============================="
  
  ; Sort the StringFields
  ; Define flags.a=#PB_Sort_Ascending|#PB_Sort_NoCase
  ; Define start_field=1
  ; Define end_field=9
  ; flags (optional) - #PB_Sort_Ascending,  #PB_Sort_Descending, #PB_Sort_NoCase
  ; SortStringFields_BF(flags.a, start_field, end_field)
  
  For index=1 To 9
    result$=GetStringFields_BF(index)
    Debug result$
  Next 
  
  ; Find a string in a StringField
  Define find_string$="am"
  Define start_position=1
  Define flags.a=#PB_Sort_Ascending ; #PB_Sort_NoCase
  Define start_field=1
  Define end_field=9 ; GetAmountStringFields_BF()
  Define found
  Debug "=============================="
  Debug "I only search the first nine StringFields here"
  Debug "=============================="
  Debug "Search for : "+find_string$
  For i=1 To end_field
    found=FindStringFields_BF(find_string$, start_position, flags.a, start_field, end_field)
    If found
      start_field=found+1
      Debug "Found in StringField : "+found
    EndIf
  Next
  
  MessageRequester("Deactivate the Debugger",
                   "String parsing time : "+parsing_time+#LF$+               
                   "String length : "+Len(string$)+#LF$+
                   "StringFields found : "+GetAmountStringFields_BF()+#LF$+
                   "Empty StringFields found : "+GetEmptyStringFields_BF())
CompilerEndIf
// Moved from "Announcement" to "General Discussion" (Kiffi)
Last edited by Saki on Sat Jun 12, 2021 10:08 am, edited 1 time in total.
Peace on Earth
mk-soft
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by mk-soft »

Most of the time it's a false positive from the virus scanner.

It helps to add the development environment and project folder as exceptions to the virus scanner and to test the finished project locally for viruses.
My Projects ThreadToGUI / OOP-BaseClass / EventDesigner V3
PB v3.30 / v5.75 - OS Mac Mini OSX 10.xx - VM Window Pro / Linux Ubuntu
Downloads on my Webspace / OneDrive
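
The setup described in the post above, as an added example that is not part of the original thread: exclude only the project folder, then scan the finished build from a folder that is not excluded, because Defender exclusions also apply to on-demand scans. The three paths are hypothetical placeholders.

```powershell
# Added example, not code from the thread. All three default paths are
# hypothetical placeholders; adjust them to your own setup.
#Requires -RunAsAdministrator
param(
    [string]$ProjectDir = 'C:\Dev\MyPBProject',                 # sources + compiler temp output
    [string]$ReleaseExe = 'C:\Dev\MyPBProject\build\MyApp.exe', # finished build to verify
    [string]$StagingDir = 'C:\ScanStaging'                      # must NOT be excluded
)

# 1. Exclude the project folder only (never a whole drive), and only once.
if (@((Get-MpPreference).ExclusionPath) -notcontains $ProjectDir) {
    Add-MpPreference -ExclusionPath $ProjectDir
}

# 2. A scan inside an excluded folder proves nothing, so refuse a staging
#    folder that is equal to, or located below, any configured exclusion.
$staging = $StagingDir.TrimEnd('\')
foreach ($ex in (Get-MpPreference).ExclusionPath) {
    $root = "$ex".TrimEnd('\')
    if ($root -and "$staging\".StartsWith("$root\", [StringComparison]::OrdinalIgnoreCase)) {
        throw "Staging folder '$StagingDir' is covered by exclusion '$ex'."
    }
}

# 3. Hash the build while it is still in the excluded folder, then copy it
#    out under a per-run unique name so old detections cannot be confused
#    with this run.
$hash   = (Get-FileHash -Path $ReleaseExe -Algorithm SHA256).Hash
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$leaf   = [IO.Path]::GetFileNameWithoutExtension($ReleaseExe) + "-$stamp.exe"
$staged = Join-Path $StagingDir $leaf
New-Item -ItemType Directory -Path $StagingDir -Force | Out-Null
try {
    Copy-Item -Path $ReleaseExe -Destination $staged -Force -ErrorAction Stop
} catch {
    # Real-time protection can block the copy itself; that is already a finding.
    Write-Warning "Copy blocked or failed: $($_.Exception.Message)"
}

# 4. On-demand scan of the staging folder. The detection history queried
#    below is the source of truth, whether or not the cmdlet raises an error.
try {
    Start-MpScan -ScanType CustomScan -ScanPath $StagingDir -ErrorAction Stop
} catch {
    Write-Warning "Scan reported: $($_.Exception.Message)"
}

# 5. Collect detections whose resource list mentions this run's staged file.
$pattern = [regex]::Escape($staged)
$hits = @(Get-MpThreatDetection | Where-Object { $_.Resources -match $pattern })
$names = foreach ($h in $hits) {
    (Get-MpThreat -ThreatID $h.ThreatID -ErrorAction SilentlyContinue).ThreatName
}

# 6. One record per run: what was scanned, with which signatures, and the result.
[pscustomobject]@{
    File             = $ReleaseExe
    SHA256           = $hash
    ScannedCopy      = $staged
    SignatureVersion = (Get-MpComputerStatus).AntivirusSignatureVersion
    Detected         = ($hits.Count -gt 0)
    ThreatNames      = (@($names) | Sort-Object -Unique) -join ', '
}
```

Recording the signature version with each result shows whether a build that was clean before started to be flagged only after a definition update.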
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by Saki »

Hi, yes, thank you.
I just wanted to show that PeekS() triggers this and what you can do about it.
With the sample bypass you usually have peace.
It also makes no difference, both variants are equally fast.
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by Saki »

Now, the question and answer of what causes the Defender to "friendly fire" is getting more and more bizarre. :o :lol:

But it is also very interesting,
because you can see how you can influence the behavior of the defender without any code change. :shock:

Image
firace
Addict
Posts: 899
Joined: Wed Nov 09, 2011 8:58 am

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by firace »

Quite weird indeed!
BarryG
Addict
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by BarryG »

I'm really hoping the new C backend will get rid of all these false-positives, due to the different resulting codebase/compilation.
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by Saki »

Well, it seems that Defender detects the source code as a Trojan.
The fact that it still means this very well-known Trojan and reacts accordingly violently makes me increasingly doubt the capabilities of the defender.
You can't expect much more from it, if you use this example as a basis for your thinking.

This is all very strange and it makes me not want to have the Defender anymore.
firace
Addict
Posts: 899
Joined: Wed Nov 09, 2011 8:58 am

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by firace »

Many thanks for taking the time to share your experience.
The AV I have had most issues with is SecureAge APEX (on VirusTotal).
It unfairly detects every 32-bit PB executable as Malicious, and I haven't found a way of avoiding this.
Saki
Addict
Posts: 830
Joined: Sun Apr 05, 2020 11:28 am
Location: Pandora

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by Saki »

Hello, yes, thank you very much.
So, I've had almost no problems with Defender so far.

However, the StringFields_BF code seems to have fooled it.
So I wanted to try to narrow that down a bit.

Well, in the meantime, I've tweaked the code to accept it without grumbling.

But that only reflects a tiny part of the whole problem, because you have to try to work around bugs that don't exist so people don't go nuts trying to use my tools.

Unfortunately, one also quickly gets the impression that Defender is not very smart.
Keya
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by Keya »

firace wrote: Sun Jun 13, 2021 10:25 am
The AV I have had most issues with is SecureAge APEX (on VirusTotal).
It unfairly detects every 32-bit PB executable as Malicious, and I haven't found a way of avoiding this.

Create a minimal program that triggers the false positive (the smaller the better - maybe even a Hello World might be enough), and send the exe + source code to SecureAge to report the issue.
miskox
User
Posts: 95
Joined: Sun Aug 27, 2017 7:37 pm
Location: Slovenia

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by miskox »

Microsoft Defender is here again: this time I got 'Win32/Wacatac.B!ml'.

I've been using this .exe for a few months with no problems - and now it pops up (today's Defender update probably).

I'm using PeekA in my code.

Saso
BarryG
Addict
Addict
Posts: 3292
Joined: Thu Apr 18, 2019 8:17 am

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by BarryG »

firace wrote: Sun Jun 13, 2021 10:25 am
The AV I have had most issues with is SecureAge APEX (on VirusTotal)

SecureAge anti-virus is notorious for giving false positives. I always have to get them to remove my apps from VirusTotal whenever I update.

I've even got their false-positive report page bookmarked now -> https://www.secureage.com/support/report-false-positive

With my app's latest update, out of 71 anti-virus apps, SecureAge is once again the only one that thinks my app is malicious.
mk-soft
Always Here
Posts: 5335
Joined: Fri May 12, 2006 6:51 pm
Location: Germany

Re: Windows Defender Peeks as Trojan Wacatac.G!ml

Post by mk-soft »

The constant checking for total viruses with false alarms leads to these false alarms being taken over by the antivirus program manufacturers.