Windows Defender detects Trojan:Script/Wacatac.B!ml #88297

Closed
akiirui opened this issue Aug 24, 2021 · 5 comments
Labels
O-windows Operating system: Windows

Comments

akiirui commented Aug 24, 2021

Windows Defender detects "Trojan:Script/Wacatac.B!ml" when I compile a hello_world project.

Environments:

  • Windows 10 21H1
  • Windows Defender Security intelligence version: 1.347.319.0
  • Rust: stable-x86_64-pc-windows-gnu rustc 1.54.0 (a178d03 2021-07-26)

Steps to reproduce:

  1. open cmd.exe
  2. cd %USERPROFILE%\Downloads
  3. create a main.rs with a simple function main (such as println!("hello world"))
  4. rustc .\main.rs
  5. .\main.exe
  6. Windows Defender warning

Windows Defender detects rustc's compiled output as "Trojan:Script/Wacatac.B!ml" in the user's Downloads folder only.

And if you copy a compiled executable file to the Downloads folder from another place, it will also be detected as "Trojan:Script/Wacatac.B!ml".

Member

wesleywiser commented Aug 24, 2021

Just as another data point, I tried this but wasn't quite able to repro. After invoking main.exe, I got a popup which said Windows Defender was scanning the file and then it ran normally.

Running the file again after that shows neither the popup nor a delay before execution.

  • Windows 10 21H1
  • Windows Defender Security intelligence version: 1.347.319.0
  • Rust 1.54 stable

wesleywiser added the O-windows (Operating system: Windows) label Aug 24, 2021

guilhermewerner commented Aug 24, 2021

This has happened to me a few times too, and after a second check Windows Defender didn't alert anymore.

However I would like to get more information on why this happens.

Author

akiirui commented Aug 24, 2021

@wesleywiser Emm, it still happens to me every time.

It's caused by Windows Defender "Cloud security scan".

Disabling "Cloud-delivered protection" in Defender can stop it, but it's not the best solution.

It seems that Microsoft Cloud Virus Database marks the output of rust compilation as "Trojan:Script/Wacatac.B!ml".

Member

nagisa commented Aug 25, 2021

The most appropriate course of action here is to submit your file to Microsoft, as they are the vendor of the antivirus solution you're using.

Author

akiirui commented Aug 31, 2021

> The most appropriate course of action here is to submit your file to Microsoft, as they are the vendor of the antivirus solution you're using.

Ok, I will do this, thanks.
