Antivirus false positive

[twgoff]

I am getting a malware error when trying to install the latest version 2.3.37.

[fordsmax471]

Whenever we make a new upgrade and create a new build to distribute to our users, Windows may temporarily block the installation because the file is new and Windows doesn’t have enough information to guarantee its safety. It can take a few weeks for Windows to remove this warning. Luckily, you can accept the downloaded file

1.png (111.9 KiB) Viewed 15425 times

[twgoff]

I was able to exclude Forscan from my virus scan and it now works.

[FORScan]

We tested 2.3.37 on virustotal.com before the delivery, it didn't show any detections with Microsoft. It started to show it only on December, 1st. So either the site (virustotal.com) has problems with antivirus update, or Microsoft identified 2.3.37 as a threat AFTER the release.

Anyway, we have submitted the report to Microsoft, hope they will remove it from Defeinder soon.

Update: got word back from Microsoft that they have removed the false threat for 2.3.37:

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.

[smartguy69]

We tested 2.3.37 on virustotal.com before the delivery, it didn't show any detections with Microsoft. It started to show it only on December, 1st. So either the site (virustotal.com) has problems with antivirus update, or Microsoft identified 2.3.37 as a threat AFTER the release.

Anyway, we have submitted the report to Microsoft, hope they will remove it from Defeinder soon.

Update: got word back from Microsoft that they have removed the false threat for 2.3.37:

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

Thank you for contacting Microsoft.

I just bought a new laptop and installed version 2.3.38. Intercepted by Microsoft using windows defender on Sunday 24th January 2021.

[smartguy69]

Update 18th March.

Reinstalled windows, downloaded Forscan and all ok with Microsoft Defender.

[CmaxDM2]

I ran the command prompt as written, it wrote me that there are no new updates, but it still tells me in the virus total that 1 file is infected with malware, what to do?

[lrantan]

Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11

[f-wolf]

Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11

See if this works ??

https://mspoweruser.com/getting-false ... rs-scan/

[FORScan]

Tried to install the latest FORScan for Windows v2.3.42 and bought the extended license but after installing and opening it for the first time my Windows Defender blocked it and said Trojan:Script/Wacatac.B!ml
was trying to run. I'm on Windows 11

We test every release on virustotal.com, here is the report for v2.3.42. As you may see the only anti-virus that triggers false positive is Yandex (that is known issue but we cannot do anything with it). Microsoft (that is Windows Defender) says it is OK. We just re-scanned the file and it is still OK. Will monitor it further, in the meantime, please check your Windows Defender is up-to-date.