False positive for Windows Defender #9

Closed
markski1 opened this issue Sep 11, 2023 · 2 comments

Comments

@markski1
Contributor

Unfortunately, on my local machine, Windows Defender has begun to detect version.dll as a trojan by the signature "Trojan:Win32/Wacatac.B!ml".

This might be related to the fact the masterlist fix fundamentally works through memory hacking, and I'm not sure if it can be fixed, but I'm opening this issue to make light of the problem.

For now, VirusTotal continues to agree that the file is safe, so that is good news at least.

@spmn
Owner

spmn commented Sep 11, 2023

That’s how Microsoft treats new binaries that are rarely downloaded and are not digitally signed. Many hobbyist Windows devs are complaining that their files get flagged as malware. Eventually, as more users install and whitelist the mod, the warning should go away. The downside is that any new version will have to go through the same vetting process.

Once I get some time to build a new dll with the updated endpoint, I will also submit the new file to MSFT for additional analysis, hoping that they would vet it faster.

@spmn
Owner

spmn commented Sep 12, 2023

I've submitted v2.0.1 to Microsoft and their automatic analysis did not find anything suspicious. Now I am waiting for the manual analysis, which should say the same thing.

I'm closing this now since there is nothing else I can do to "fix" the false positives.

spmn closed this as completed Sep 12, 2023