Wacatac false positive outbreak?

I've noticed lately that Windows Defender starts to mark almost all my zip files as risky because they supposedly contain Wacatac. The interesting thing is that I can create a compressed file of images, videos or files without problems... There is no virus threat in any of the files that I am compressing. I even scan them again using VirusTotal.com (the uncompressed files and the zip file). I upload the zipped file to my drive (OneDrive or Google Drive) to download it on another computer. And that's when it happens: Windows Defender prevents the download of the compressed file because of the Wacatac.H!ml virus alert. Is this a bug, or is it due to something else?

Note: just to prevent useless suggestions, I used Microsoft Safety Scanner, I also did a complete scan with 2 different antivirus software and also used anti-adware software. I don't have viruses.

Answer
Hello, I'm Greg, here to help you with this.

See Glen Prouty's post here about determining if Wacatac is a false positive and how to remove it:
https://answers.microsoft.com/en-us/windows/for...

If/when in doubt, Defender gives adequate real-time protection, but when it finds something or you suspect you're infected, you'll want to roll out the bigger artillery to know you're getting the very best and most thorough scans. For this we should use the tech industry's undisputed leading scanners: Malwarebytes on-demand protection for malware, and AdwCleaner for the lower-level threats and PUPs.

You can do this most thorough disinfection procedure to find and root out infection wherever it hides, then repair any system files that were corrupted:
https://answers.microsoft.com/en-us/windows/for...

Then you will know for sure, and be rid of it either way.

Feel free to ask back any questions. Based on the results you post back, I will have other suggestions if necessary.
____________________________
Retired 2023, thirteen year daily forums volunteer, Windows MVP 2010-2020

2 people found this reply helpful


Answer

https://www.bleepingcomputer.com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/ 

It's likely that detections have been beefed up to handle the threats outlined in the above article, but in the process there are a lot of false positive detections. Wacatac.H!ml indicates it is a machine learning detection, which is prone to FPs.

Hopefully Microsoft will adjust the ML threshold.

5 people found this reply helpful
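Since a .H!ml verdict is a machine-learning classification rather than a signature match, the practical question for an archive like the one in the question is whether it actually holds anything executable. The script below is an added example, not code from this thread or from Microsoft: it uses Python's standard zipfile module to report whether the container is a PE stub with a ZIP appended (a self-extracting archive, as in the linked article) and which members have an executable extension or PE content under a benign-looking name. The sample archives are constructed in memory and are not real files.

```python
import io
import zipfile

# Extensions that carry code rather than media; an ML detector weighs these too.
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".ps1", ".bat", ".cmd", ".vbs", ".js", ".lnk")
PE_MAGIC = b"MZ"          # every Windows executable (and SFX stub) starts with this
ZIP_EOCD = b"PK\x05\x06"  # ZIP end-of-central-directory signature


def is_sfx(data: bytes) -> bool:
    """True when a PE executable has a ZIP appended, i.e. a self-extracting archive."""
    return data.startswith(PE_MAGIC) and ZIP_EOCD in data


def triage_archive(data: bytes) -> dict:
    """List members and flag executable names or PE content, without running anything."""
    result = {"sfx": is_sfx(data), "members": [], "suspicious": []}
    # zipfile locates the central directory from the end, so a prepended SFX stub is tolerated
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            result["members"].append(info.filename)
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            reasons = []
            if info.filename.lower().endswith(EXEC_EXTENSIONS):
                reasons.append("executable extension")
            if head == PE_MAGIC:  # PE bytes behind a harmless-looking name
                reasons.append("PE header")
            if reasons:
                result["suspicious"].append((info.filename, reasons))
    return result


def build_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples (not real files): a media-only archive like the one in the question,
# one hiding PE content behind a double extension and a renamed file, and a fake SFX.
CLEAN = build_zip({"photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
                   "clip.mp4": b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 32})
SHADY = build_zip({"holiday.jpg.exe": PE_MAGIC + b"\x90" * 64,
                   "readme.txt": PE_MAGIC + b"\x90" * 64})
SFX = PE_MAGIC + b"\x00" * 128 + CLEAN
```

A media-only archive that comes back with no suspicious members and `sfx` false is a reasonable candidate for reporting as a false positive; an archive that shows PE content under a .txt or .jpg name is not.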


Question Info

Last updated April 21, 2024