How can we help you today? How can we help you today?

Microsoft Defender and other Anti Virus software detect trojan:win32/wacatac.b!ml and other threats.

After securing the .net executable using the SmartAssembly 8.0 Software. Windows Defender detects "trojan:win32/wacatac.b!ml" in the upload executable. There are other executables as well, those are working fine and no threat detect in that.

We have scanned the executable using the online tool suggested in the following link. it detected other threats please check the attached screen shot. Please let us know the solution. We have also submitted the binary to Microsoft Defender Portal for review.

https://forum.red-gate.com/discussion/87927/antivirus-blocks-smart-assembly

https://www.virustotal.com/


AmitSri
0

Comments

1 comment

Sort by
  • Peter_Laws
    Thank you for submitting it for Microsoft's review AmitSri, based on past experience that is the most effective measure that can be taken. Additionally, more security vendors are unwilling to review based on the work of 3rd parties and will only accept review requests from affected customers such as yourself.

    All obfuscation software is periodically marked by automated protection patterns because bad actors often obfuscate their payloads to improve the odds it will bypass detection. The false positive typically only lasts a short time until they are updated.
     
    If you scan it with another security product that uses different patterns it likely won't be flagged. Your diligence is much appreciated; if you remain concerned please hold off on using at first while the patterns are updated and MS review.
    Peter_Laws
    0

Add comment

Please sign in to leave a comment.