Launcher program is detected by Windows Defender as a virus

[beanieaxolotl]

This is most likely a false positive, but as I was updating the program, Windows Defender picked up the main program and said it contained "Win32/Wacapew.c!ml".

[valadaptive]

Do you have any other antivirus software installed? ntsc-rs-launcher v0.9.1 is not detected by Defender according to VirusTotal.

What's the file hash of ntsc-rs-launcher.exe? You can get it via:

Get-FileHash C:\Users\User\Documents\programs\ntsc-rs-windows-standalone\ntsc-rs-launcher.exe

[beanieaxolotl]

"Do you have any other antivirus software installed?"

• Sadly, not yet. The closest thing to that is a lone copy of Malwarebytes AdwCleaner.

Despite that, the file hash is below:

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          5B9178BA375719D50E008D4880BB01941F050EA23D93ECB7AD663535E922EC8A       C:\Users\User\Documents\progr...

[valadaptive]

Running Defender locally, I see that it does get detected. Not sure why this is, or if there's anything I can do about it. The exact same launcher doesn't get detected by Defender when I build it locally, and I used a tool to verify that there are no differences between the two, save for a file path that made it into the build and depends on where it was built.

[oisintheblue]

huh, that's strange. i've installed the latest version and it didnt get detected by windows defender as a virus for me.

[valadaptive]

Given that a near-identical executable was not detected, it seems like the detection may be extremely sensitive to any changes, which may include updates to the virus definition files. With Defender on Windows 10 and virus definitions version 1.421.1382.0, it's detected as Trojan:Win32/Wacatac.B!ml. The "Cloud" protection detects it as Program:Win32/Wacapew.C!ml.

[0x5066]

I think this sums it up pretty well:

"The main reason for this is that you often need to have a trust rating depending on the anti-virus / malware protection software &/or service being used to be allowed to download & run the installer file but ironically you cannot gain trust until you've downloaded & run & marked it as being ok. Can you see the issue here?"

source: https://getwacup.com/false_positives.html

I don't think there's anything one can do except build reputation, but how can you do that when everything is flagged as suspicious?

[valadaptive]

This is not really in my control; Windows Defender and its heuristics will do as they please.