- started happening last week, then stopped after Windows Defender updates (see #532) - threat-classification: ` Trojan:Script/Wacatac.B!ml ` (NOTE: !ml means "machine-learning based detection") - only direct-downloads of the main branch were affected, the latest release was not (which doesn't make sense because they have the same content) *** - started happening again today (April 15) - same threat-classification - this time, the latest release (1.57.8) is affected but not direct-downloads of the main branch (again, these have the same contents) *** - If I ignore the download-warning and then scan the downloaded ZIP, there is no detection - after extracting the contents and scanning the folders, there is no detection *** - this now also affects the built-in updater because it downloads ZIP-files from the releases section *** - 3 hours after posting this, I received a Windows Defender update that resolved this issue again <br> ## Conclusion - Windows Defender is flagging the download based on patterns, not actual file contents - the fact that detections are inconsistent between release and main-branch downloads -- which have the same contents -- underlines this - the fact that these issues are remedied after Windows Defender updates also points to them being false-positive detections - May 5 update: this seems to be sorted out now and might have been a temporary side-effect from rebranding the project and repository
started happening last week, then stopped after Windows Defender updates (see Virus? #532)
threat-classification:
Trojan:Script/Wacatac.B!ml(NOTE: !ml means "machine-learning based detection")only direct-downloads of the main branch were affected, the latest release was not (which doesn't make sense because they have the same content)
started happening again today (April 15)
same threat-classification
this time, the latest release (1.57.8) is affected but not direct-downloads of the main branch (again, these have the same contents)
If I ignore the download-warning and then scan the downloaded ZIP, there is no detection
Conclusion
Windows Defender is flagging the download based on patterns, not actual file contents
the fact that detections are inconsistent between release and main-branch downloads -- which have the same contents -- underlines this
the fact that these issues are remedied after Windows Defender updates also points to them being false-positive detections
May 5 update: this seems to be sorted out now and might have been a temporary side-effect from rebranding the project and repository