Defender shows that our software contains Win32/Wacatac.B!ml

Recently, on virustotal.com, our files show up as being infected...

Product = "microsoft"
Threat = "Trojan:Win32/Wacatac.B!ml"

We compile in Delphi 10.2 and 10.3.

Have you (Microsoft) changed something? I'm getting tired of sending our files to you, through submit sample...

But thanks, for updating your definitions fast...

But we build each day, and each time you just find a virus again... (sending again, etc...)

What could I do?

Your program might share some of the code with the malware.

You should submit your program as a false positive.

https://www.microsoft.com/en-us/wdsi/filesubmission 


6 people found this reply helpful


I know that, and I did that...

From day to day, VirusTotal.com (on product="Microsoft") keeps finding new ones.

Example:
Yesterday our build 2.0.0.26 of our cable manager reported 2 files as being infected.
We sent them, and Microsoft updated the definitions, and so everything is good.

Today, for our build 20.0.0.27, VirusTotal.com reported the same 2 files again... (no code change, but yes, compiled again).

So again, what I wrote in the first place...
I don't want to send each day... a CRC checksum is not the solution for you to say this file is fine...

So my question: have you changed something in product "microsoft"?

6 people found this reply helpful


If you are having trouble with your security or privacy, I might suggest to you to take out McAfee or some other extra security protection. Also, use a backup drive to download all of your files for your own backup in case. This is not difficult and it would arrest all of your troubles. Good luck, Kelley

2 people found this reply helpful

I don't understand your answer. It's nowhere near an answer to my question...

I/We deliver a software solution.... Our files are being detected as "infected"...

VirusTotal.com says that product "microsoft" keeps finding "Trojan:Win32/Wacatac.B!ml"

So as said before.... I want to avoid having to keep sending sample files to Microsoft, and somehow get in touch with them. This is an issue that just got created. I've never had an issue before, but if Microsoft uses a CRC checksum, this is a problem...

22 people found this reply helpful


Is your application digitally signed using a code certificate?

If not, this has been a near requirement for several years now, since that's the only way that an app or developer can gain reputation with Microsoft's security systems in order to avoid the very problems you seem to be having.

Everything you need to know about Authenticode Code Signing

Since that detection contains an exclamation character (!) in its name, I believe that indicates this was a machine learning (i.e. Artificial Intelligence) based detection, so it's difficult to know exactly why these advanced detection systems might recognize specific software as suspicious.

Though checksum (really hash) techniques have been used for decades by AV software, they're an archaic and limited method that's typically only used to identify known files and are today just one of dozens of inputs that advanced security apps like Defender use to identify potential malware.

That's why signing is so important, since even if a hash is used and the app itself is known, the only way to ensure the integrity of the original code is by using a digital signature.

Unfortunately, even if you're digitally signing your app and it's changing as often as you state, it's difficult for these to gain a reputation, since it typically requires a few thousand downloads of a new app before a good reputation can be established. The only way to gain immediate reputation for your app is as a developer using extended validation code signing via a (more expensive) code signing certificate.

Partnering with the industry to minimize false positives - Microsoft Security

That same article discusses how the detection and reputation systems work, so it may aid your understanding, as well as how best to communicate with Microsoft via that submission portal, since that's really your best avenue through which to communicate with their analysts.  Ask your questions while posting your app there, since it's the only place you can directly communicate with the analysts involved with updating Defender.

Posting here is generally a waste of time, since no one here truly works for Microsoft, especially the more technical security groups involved in the operation and support for Defender itself.  We're all mostly either consumer volunteers or contract workers who provide first-level support for Microsoft's products.

I just happen to have been involved in the commercial security community and also the Microsoft security apps since their first beta versions in 2005-6, so as an MVP at that time I had access to the early people and design decisions which created the initial versions that have evolved to what you see today.

Rob

73 people found this reply helpful
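The hash-versus-signature point in the reply above, as an added example that is not part of the original thread: two builds of unchanged source get different file hashes, so a hash cleared for one build says nothing about the next, while the Authenticode certificate table is something a build pipeline can check on every binary. The sample images are constructed PE32 headers, and the assumption is that the rebuild differs only in the COFF link timestamp.

```python
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def pe_info(data: bytes) -> dict:
    """Return hash, link timestamp and embedded-signature presence for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (timestamp,) = struct.unpack_from("<I", data, pe_off + 8)
    opt = pe_off + 24                                     # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # data directory array
    (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if count > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "link_timestamp": timestamp,
        # Presence only: this does not validate the signature or its chain.
        "has_embedded_signature": cert_off != 0 and cert_size != 0,
    }


def make_sample_pe(timestamp: int, signed: bool = False) -> bytes:
    """Constructed minimal PE32 header (not a runnable program) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # 16 data directories
    blob = b""
    if signed:
        blob = b"\0" * 8  # placeholder standing in for a WIN_CERTIFICATE entry
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 0x40 + 24 + 224, len(blob))
    return dos + b"PE\0\0" + coff + bytes(opt) + blob


if __name__ == "__main__":
    for stamp in (1626912000, 1626998400):                # two constructed daily builds
        print(pe_info(make_sample_pe(stamp)))
```

A non-empty certificate table only shows that a signature is embedded; on Windows, `Get-AuthenticodeSignature` or `signtool verify /pa` checks that it is valid and chains to a trusted root.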


Question Info

Last updated July 23, 2021. Views: 46,315.