Description
- started happening last week, then stopped after Windows Defender updates (see Virus? #532)
  - threat-classification: Trojan:Script/Wacatac.B!ml (NOTE: !ml means "machine-learning based detection")
  - only direct downloads of the main branch were affected, the latest release was not (which doesn't make sense because they have the same content)
- started happening again today (April 15)
  - same threat-classification
  - this time, the latest release (1.57.8) is affected but not direct downloads of the main branch (again, these have the same contents)
- If I ignore the download warning and then scan the downloaded ZIP, there is no detection
- after extracting the contents and scanning the folders, there is no detection
- this now also affects the built-in updater because it downloads ZIP files from the releases section
- 3 hours after posting this, I received a Windows Defender update that resolved this issue again
Conclusion
- Windows Defender is flagging the download based on patterns, not actual file contents
  - the fact that detections are inconsistent between release and main-branch downloads, which have the same contents, underlines this
  - the fact that these issues are remedied after Windows Defender updates also points to them being false-positive detections

May 5 update: this seems to be sorted out now and might have been a temporary side-effect from rebranding the project and repository
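The two claims in the report that a reader can actually check are that the release ZIP and the main-branch ZIP carry the same files, and that an on-demand Defender scan of the download finds nothing while the download itself is flagged. The PowerShell below is an added example from the editor, not code from the issue author or the project. The two file paths are placeholders for your own downloads; it assumes nothing about the project beyond "two ZIP archives". It records the Defender engine and signature version (so a verdict that changes after an update can be tied to the update), compares SHA-256 hashes of the extracted files rather than of the archives (the archive bytes differ anyway because of folder names and timestamps), runs a custom scan on each archive, and prints what real-time protection logged, where a `!ml` name marks a machine-learning verdict.

```powershell
# Added example (editor's, not the issue's or the project's). Paths are assumptions.
$Release = "$env:USERPROFILE\Downloads\release.zip"
$Main    = "$env:USERPROFILE\Downloads\main.zip"

# 1. Which engine / signature version is judging? A verdict that disappears after
#    an update will show a different AntivirusSignatureVersion on the next run.
Get-MpComputerStatus |
    Select-Object AMEngineVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated

# 2. "Same contents" has to be checked on the extracted files, not on the archives:
#    the ZIP containers differ (top-level folder name, timestamps, compression).
function Get-TreeHashes {
    param([string]$Zip)
    $dir = Join-Path $env:TEMP ([IO.Path]::GetFileNameWithoutExtension($Zip))
    Expand-Archive -LiteralPath $Zip -DestinationPath $dir -Force

    # If the archive wraps everything in a single top-level folder (GitHub source
    # archives do), treat that folder as the root so relative paths line up.
    $root = $dir
    $kids = @(Get-ChildItem -LiteralPath $dir)
    if ($kids.Count -eq 1 -and $kids[0].PSIsContainer) { $root = $kids[0].FullName }

    Get-ChildItem -LiteralPath $root -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($root.Length).TrimStart('\')
            Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

$a = Get-TreeHashes $Release
$b = Get-TreeHashes $Main
# No output from Compare-Object means every relative path has the same hash in both trees.
Compare-Object $a $b -Property Path, Hash

# 3. On-demand scan of each archive (ScanType 3 = custom scan of a given path).
$mp = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
foreach ($f in $Release, $Main) {
    & $mp -Scan -ScanType 3 -File $f
    "exit code for ${f}: $LASTEXITCODE"
}

# 4. What real-time protection actually logged for the downloads.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources, ActionSuccess
Get-MpThreat | Select-Object ThreatName, SeverityID, ThreatID
```

Run it once while the download is being flagged and again after the next signature update; if the tree comparison is empty both times, the scan exit codes are clean, and only the logged detection and the signature version changed between runs, that is the evidence for a reputation- or pattern-based false positive rather than a difference in the files.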