Windows reports "Trojan:Win32/Wacatac.B!ml" in x86_64-pc-windows-msvc.tar #55
Comments
|
Hmm, I'm not completely sure what to do about that. Does it give more detail about why it detected it as a trojan? The Microsoft page itself on this virus redirects me to an error page: https://www.microsoft.com/en-us/wdsi/Error/500?aspxerrorpath=/en-us/wdsi/threats/threat-search (original was: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AWin32%2FWacatac.B!ml ) This is a relatively simple program, it won't access the network, do anything with video or peripheral input. The only system calls should be around... filesystem events. Maybe if we attest the provenance of our builds it will help? I have to imagine that, Windows and GitHub being owned by the same company, Windows might look up the origin of a binary by its attestation on GitHub? (If so, we can add those, it's just a lot of code to spell out every single binary we have, not that I'm opposed to it.) (These files themselves were from CI builds here: https://github.com/e-dant/watcher/releases/tag/release%2F0.12.0) |
|
Out of caution, I also checked that both the shamus and the files themselves are the same from CI and from the release page. So, this file from the release: https://github.com/e-dant/watcher/releases/tag/release%2F0.12.0 And this file from CI: https://github.com/e-dant/watcher/actions/runs/11224226016/artifacts/2026312266 Are the same: |
|
I see no additional information. The "Learn More" link goes to an error page, as you were describing. It's likely a signature overlap between something in your code and the actual trojan. You can submit the file for analysis by MS here ... |
|
When I extract the "offending" DLL and upload it to MS (see link above) it says there's no malware.
|
|
I submitted the entire archive (x86_64-pc-windows-msvc.tar) to MS online scanning. Same result; "No malware detected". No idea why my system is freaking out about it ... I'm using the same version of detection libraries (1.419.390.0) according to the info MS provides.
Here's the scan results from MS ...
|
|
I created a dummy outlook account (it needed to be a Microsoft account, and I didn't know how to make one without an outlook account) to submit this as a mistake, but I think the form doesn't like my email address... Or something? 
|
|
Thanks for your help here, submitting the report. |
|
Curious if this is still an issue |
Here's the report I get from the Windows 10 virus and threat protection.
The text was updated successfully, but these errors were encountered: