MSI is detected by windows defender and It shows "Trojan:Script/Wacatac.B!ml" error.

Test Admin 131 Reputation points
2021-07-07T08:23:32.953+00:00

112470-defender-error-2.jpg112522-defender-error-1-1.jpg

We have developed the MSI file. While installing the MSI in Japanese OS Windows 10 machine, Windows Defender has detected the "Trojan:Script/Wacatac.B!ml" error in some machines.

But we have tried to reproduce the same in some other [English OS Windows 10 and Japanese OS Windows 10] machines that are working fine. Windows defender did not detect any errors. We need to know the cause of the error.

We have tried to reproduce the same issue again, But it can't be reproduced due to the factors below.

1) Reproduction testing is difficult because OS is updated to Windows 11 version.

2) The recall rate at the time of occurrence is 100%.

3) The environment at the time of occurrence is Windows 10 20 H2.

4) The detailed build and defender pattern file is unknown. (Already up to Windows 11)

We have attached the error occurred screenshots for your reference. Please find the screenshots.

Question:

  1. Is this issue happening due to the Windows OS?
  2. Is this issue happening because of Windows Defender?
  3. Is this issue happening because of the MSI file?. As we have used windows installer.

If any of the above questions are ‘Yes’, Kindly share your opinion to solve this issue.

Note: No third party antivirus was installed on the PC.

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,747 questions
{count} votes

Accepted answer
  1. Jenny Feng 14,071 Reputation points
    2021-07-08T02:39:43.333+00:00

    @Test Admin
    Hi,
    For now, you have not encountered similar errors on the latest system, right?

    Since this MSI file is developed, you probably did something that Defender found suspicious.
    If you are unable to reproduce the problem at this time and you have not encountered an error in other similar systems, then it is likely to be a be a false positive.
    One explanation for a false positive is that Microsoft Windows Defender may not have enough information about the file to determine that it is safe.
    False positives/negatives can occur with any threat protection solution, including Microsoft Defender

    Hope above information can help you.

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful