EVEIPH/EVE-IPH

Windows Defender hitting on exefile

Nfinished opened this issue · 13 comments

Hopefully this is a false positive?

Same

Not sure why that's popping up on my end. I've scanned several times and no malware or anything like it. It might be setting a false positive on IPH for some reason? I haven't added anything to the code that would get remotely close to this.

Did you try scanning your computer? Be interested to know if you have malware that's causing this to link to IPH or something else.

This is on a fairly fresh install of win10, not much on the drive other than Eve and Steam.

Windows Defender is alerting me to Trojan:Win32/Wacatac.DB!ml. This is from the msi download. Is the source code cleaner to compile? I don't have vb studio or whatever installed...

I have a different (falsely) detected
image

Same, Windows is blocking Trojan:Win32/Wacatac.DB!ml on a fresh install.

Not sure what is causing this but pretty sure it’s a false positive because there is nothing on my computer that I can find. I submitted the file to Windows to see if it can get added to the exception list.

Sadly this just started happening after I implemented the new login system.

I updated today, started receiving the CoinMiner flag from Defender. It ran fine before. Just adding my name to the list. Will send whatever diagnostics you need. Thanks for your work!

I've submitted this to MS and they have marked it as not malware or a virus. They said they removed the exe from the virus definitions so hopefully this will fix the issue if you've updated the definitions.

Trojan:Win32/Tilevn.A is now being detected

The following false positives have been noted so far and Microsoft has removed them from their virus definitions:
* PUA: Win32/CoinMiner
* Trojan: Win32/Wacatac.D8!ml
* Backdoor: Win32/Bladabindi!ml
* Trojan: Win32/CryptInject!ml
* Trojan: Win32/Tilevn.A

If you get a notice on any of these listed, please follow the steps below to clear cached detection and obtain the latest malware definitions.
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

If this is a new virus detection, please submit the error with the detected name in #bug-reports
Microsoft Defender is the only virus scanner that is providing false positives to IPH (See Virus Total scan here: https://www.virustotal.com/gui/file/a1797c477240f839e1fc37894cd8a0ad29291637fc4aa297edaaeafd8624500d/detection).

If you want to add an exclusion to Microsoft Defender, please follow the instructions here: https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26 .
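
The reset steps and the exclusion advice above, combined into one PowerShell script as an added example (not code from the EVE-IPH project): it refreshes the definitions, rescans the flagged file, and adds an exclusion only if the file's SHA-256 matches the hash in the VirusTotal link above. The file path is a placeholder, and that the VirusTotal hash belongs to the file you downloaded is an assumption.

```powershell
# Added example, not from the EVE-IPH project. Run in an elevated PowerShell.
# $Target is a placeholder: point it at the file Defender flagged.
# Assumption: the SHA-256 in the VirusTotal link above is the hash of that file.
param(
    [string]$Target = 'C:\path\to\flagged-file.exe',   # placeholder path
    [string]$ExpectedSha256 = 'a1797c477240f839e1fc37894cd8a0ad29291637fc4aa297edaaeafd8624500d',
    [switch]$AddExclusion
)

$ErrorActionPreference = 'Stop'
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# Steps 1-3 from the comment: drop cached dynamic signatures, then pull current definitions.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "Signature update failed (exit code $LASTEXITCODE)" }

# Confirm which definitions are now loaded.
$status = Get-MpComputerStatus
"Antivirus signature version: $($status.AntivirusSignatureVersion)"

# Compare the local file with the hash that was scanned on VirusTotal.
if (-not (Test-Path -LiteralPath $Target)) {
    throw "File not found (Defender may have quarantined it): $Target"
}
$actual = (Get-FileHash -LiteralPath $Target -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {   # -ne compares strings case-insensitively
    throw "Hash mismatch: $actual. This is not the file in the VirusTotal report; no exclusion added."
}
"Hash matches the VirusTotal report."

# Rescan only this file with the refreshed definitions (ScanType 3 = custom scan),
# without letting Defender quarantine it during the check.
& $mpCmdRun -Scan -ScanType 3 -File $Target -DisableRemediation
$scanExit = $LASTEXITCODE   # 0 = nothing found, 2 = threat found or scan error

# Exclude the single file, not its whole folder, and only when asked to.
if ($scanExit -eq 2 -and $AddExclusion) {
    Add-MpPreference -ExclusionPath $Target
    "Added exclusion for $Target"
}
```

Without `-AddExclusion` the script only reports; a hash mismatch stops it before any exclusion is written.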

I did get the PUA:Win32/CoinMiner warning even after the signature reset/update

Put an exception in for the program. There isn't much else I can do at this point. It's a false positive.