"Virus Detected" Trojan:Script/Wacatac.B!ml False Positive

Some time ago, Microsoft Windows "Real Time Protection" and "Windows Defender" stopped analyzing files for viruses.
Instead they started using Machine Learning to guess if a file has a virus or not.

But how can it reliably know if a file is a virus without analyzing it first?

ANSWER: IT CAN'T and IT DOESN'T.

"If a file exhibits behavior or characteristics similar to known malware, it may trigger a detection."

But the only sin these files committed really was being compressed, that's it.

All this does is scare the shit out of people and ruin the site's reputation (not only this one). You can google "Wacatac reddit" or something and see these AI detections are useless false positives.

When you inspect the "threat" you will find it says "Trojan:Script/Wacatac.B!ml". That "ml" at the end stands for Machine Learning, as in "We didn't analyze the file, we just guessed it was a virus cos it's a compressed file and sometimes viruses are compressed". Well ain't that great?
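To make the name above easier to read, here is an added example (not from the original post or from Microsoft) that splits a Defender threat name along Microsoft's documented `Type:Platform/Family.Variant!Suffix` layout and separates the `!ml` detections, which are the ones worth sending to the file submission page linked below. The file names and every threat name other than the Wacatac one are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Layout: Type:Platform/Family.Variant!Suffix (variant and suffixes are optional).
NAME_RE = re.compile(
    r"^(?P<category>[^:/]+):(?P<platform>[^/]+)/(?P<family>[^.!]+)"
    r"(?:\.(?P<variant>[^!]+))?(?P<suffixes>(?:![^!]+)*)$"
)

class ThreatName(NamedTuple):
    category: str            # e.g. Trojan
    platform: str            # e.g. Script
    family: str              # e.g. Wacatac
    variant: Optional[str]   # e.g. B, or None when absent
    suffixes: tuple          # e.g. ("ml",), lower-cased

def parse_threat_name(name: str) -> Optional[ThreatName]:
    """Return the parsed parts, or None if the text does not follow the layout."""
    m = NAME_RE.match(name.strip())
    if m is None:
        return None
    suffixes = tuple(s.lower() for s in m["suffixes"].split("!") if s)
    return ThreatName(m["category"], m["platform"], m["family"], m["variant"], suffixes)

def is_ml_detection(name: str) -> bool:
    """True when the name carries the 'ml' suffix discussed in the post."""
    parsed = parse_threat_name(name)
    return parsed is not None and "ml" in parsed.suffixes

def triage(detections):
    """Split (file, threat name) pairs into ML-flagged files and everything else."""
    ml, other = [], []
    for path, name in detections:
        (ml if is_ml_detection(name) else other).append(path)
    return ml, other

# Constructed sample input; only the first threat name comes from the post.
SAMPLE = [
    ("game_disc.7z", "Trojan:Script/Wacatac.B!ml"),
    ("setup.exe", "Trojan:Win32/Examplefam.A"),
    ("notes.txt", "unparseable entry"),
]

if __name__ == "__main__":
    print(parse_threat_name("Trojan:Script/Wacatac.B!ml"))
    ml, other = triage(SAMPLE)
    print("submit for analysis:", ml)
    print("other detections:", other)
```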

So this file I just compressed is a virus? Ok let's send it to Microsoft themselves for testing.
You can send them files under 500MB to test yourself from this page: https://www.microsoft.com/en-us/wdsi/filesubmission

Here are the results for the file above:

Note how the only files inside are:

  • a .bin (clean)
  • a .cue (clean)
  • a .url (which is a link to this site, also clean)

Let's think for a bit.
If .7z is a container for anything really, not a program, and all the files it contains are clean, WHERE IS THE VIRUS???

NOWHERE!

And now, 24 hours later, the exact same file is not a virus:

WHAT TO DO:

To stop this nonsense from deleting your files, add your downloads folder as an exception. I know this isn't ideal, but it is the only way to stop it from deleting .7z files.

  1. Go to the start menu, type "Security".
  2. Scroll down to "Exclusions" and click "Add or remove exclusions".
  3. Find the folder your browser saves the files to.

That's it. It will not flag or delete your downloads any more.
Beware, though: if you download a real virus, it will not delete that either. It's up to you to think and decide what to download and execute on your computer.

2024 CDRomance