Trojan:Win32/Wacatac.B!ml detected in fga_0.6.2_windows_386.tar.gz #429

Open
arulrajnet opened this issue Dec 8, 2024 · 1 comment

@arulrajnet

A trojan was detected while downloading the Windows 386 version of the tar. I am using Windows 11 Pro.

Detected : Trojan:Win32/Wacatac.B!ml
Status : Quarantine failed
This threat or app might not be completely remediated.
Details : This program is dangerous and executes commands from an attacker.
Affected Items

containerfile: C:\Users\arul\Downloads\fga_0.6.2_windows_386.tar.gz
file: C:\Users\arul\Downloads\fga_0.6.2_windows_386.tar.gz->(GZip)->fga.exe
webfile: C:\Users\arul\Downloads\fga_0.6.2_windows_386.tar.gz|https://objects.githubusercontent.com/github-production-release-asset-2e65be/649913371/e06ff406-7140-43db-ab6f-ae18e9493408?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241208%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241208T120117Z&X-Amz-Expires=300&X-Amz-

@Siddhant-K-code
Contributor

The detection by Windows Defender appears to be a false positive. To proceed safely, please follow these steps:

  1. Verify the Integrity of the Binary:

    • Download the binary's SHA256 checksum from the official release page: OpenFGA CLI Releases.
    • Compute the checksum of the downloaded file and compare it with the one provided:
      • On Windows, you can use PowerShell:
        Get-FileHash fga.exe -Algorithm SHA256
      • Ensure the computed checksum matches the one from the release page.
  2. Add an Exception to Windows Defender:
    If the checksum matches, you can add the file or folder to your antivirus exclusion list:

    • Open Windows Security > Virus & threat protection.
    • Scroll down to Manage settings > Exclusions > Add or remove exclusions.
    • Add the folder containing fga.exe or the binary itself.
  3. Next Steps:
    To address this issue for all users, I think we should sign the binary with a trusted code-signing certificate. Signed binaries are less likely to be flagged by antivirus programs.
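
The checksum comparison from step 1, scripted so that a mismatch or a missing entry fails before any exclusion is added. This is an added example, not part of the original comment or the OpenFGA project's tooling. It assumes the release publishes a sha256sum-style list whose entries name the downloaded archive; the function name `Test-ReleaseChecksum`, the file name `checksums.txt` and the temp-folder demo files are hypothetical.

```powershell
# Added example: check a downloaded release archive against a checksum list.
# Assumes the sha256sum layout: "<64 hex chars>  <file name>" per line.
function Test-ReleaseChecksum {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ArchivePath,
        [Parameter(Mandatory)] [string] $ChecksumFile
    )

    $name = Split-Path -Path $ArchivePath -Leaf
    $expected = $null

    foreach ($line in Get-Content -LiteralPath $ChecksumFile) {
        # hash, whitespace, optional '*' (binary-mode marker), file name
        if ($line -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }

    # Fail closed: no entry for this file means nothing was verified.
    if (-not $expected) {
        throw "No SHA256 entry for '$name' in '$ChecksumFile'."
    }

    $actual = (Get-FileHash -LiteralPath $ArchivePath -Algorithm SHA256).Hash

    [pscustomobject]@{
        File     = $name
        Expected = $expected.ToUpperInvariant()
        Actual   = $actual
        Match    = [string]::Equals($expected, $actual, [System.StringComparison]::OrdinalIgnoreCase)
    }
}

# Constructed demo: a stand-in archive and checksum list in a temp folder.
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'fga-checksum-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$archive = Join-Path $dir 'fga_0.6.2_windows_386.tar.gz'
$list = Join-Path $dir 'checksums.txt'
Set-Content -LiteralPath $archive -Value 'constructed sample bytes' -NoNewline
$hash = (Get-FileHash -LiteralPath $archive -Algorithm SHA256).Hash.ToLower()
Set-Content -LiteralPath $list -Value "$hash  fga_0.6.2_windows_386.tar.gz"
(Test-ReleaseChecksum -ArchivePath $archive -ChecksumFile $list) | Format-List  # Match : True

# Tamper with the stand-in archive: the same list entry no longer matches.
Add-Content -LiteralPath $archive -Value 'x' -NoNewline
(Test-ReleaseChecksum -ArchivePath $archive -ChecksumFile $list) | Format-List  # Match : False
```

For a real download, pass the path of the archive and of the checksum list saved from the release page, and add an exclusion only when `Match` is `True`.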
