Windows zip download file - Defender shows as trojan Wacatac.B #2401
-
|
download file when unzipped is scanned by Windows Defender and shows it as Wacatac trojan. Attached screenshot. Is this normal? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
We've had issues in the past with AV false positives due to the embedded rules that contain strings from malware. I don't believe there is malware embedded in the zip archive, and anyone is welcome to review the CI workflow that builds and uploads the file. Tomorrow I can submit a report to MS (assuming I can find the form). |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
Please also see the FAQ at https://github.com/mandiant/capa/blob/master/doc/faq.md. |
Beta Was this translation helpful? Give feedback.
We've had issues in the past with AV false positives due to the embedded rules that contain strings from malware.
I don't believe there is malware embedded in the zip archive, and anyone is welcome to review the CI workflow that builds and uploads the file.
Tomorrow I can submit a report to MS (assuming I can find the form).