Windows keeps blocking my downloads because it recognizes "Script/Wacatac.B!ml" as a trojan.
I think I've actually seen this exact file get flagged a lot before. False positives, eh?
Very much a false positive. The following is quoted verbatim from a mad lad and his most excellent Romantic CD site:
-----
"Some time ago, Microsoft Windows "Real Time Protection" and "Windows Defender" stopped analyzing files for virus.
Instead they started using Machine Learning to guess if a file has a virus or not.
But how can it reliably know if a file is a virus without analyzing it first?
ANSWER: IT CAN'T and IT DOESN'T.
"If a file exhibits behavior or characteristics similar to known malware, it may trigger a detection."
But the only sin these files committed really was being compressed, that's it.
All this does is scare the poopies out of people and ruin the site reputation (not only this one). You can google "Wacatac reddit" or something and see these AI detections are useless false positives.
When you inspect the "threat" you will find it says "Trojan:Script/Wacatac.B!ml"
That "ml" at the end stands for Machine Learning, as in "We didn't analyze the file, we just guessed it was a virus cos it's a compressed file and sometimes virus are compressed". Well ain't that great?
So this file I just compressed is a virus? Ok let's send it to Microsoft themselves for testing.
You can send them files under 500MB to test yourself from this page
Here are the results for the file above:
Note how the only files inside are:
- a .bin (clean)
- a .cue (clean)
- a .url (which is a link to this site, also clean)
Let's think for a bit.
If .7z is a container for anything really, not a program, and all the files it contains are clean. WHERE IS THE VIRUS???
....
NOWHERE!
WHAT TO DO:
To stop this nonsense from deleting your files, add your downloads folder (or wherever you direct your downloads) as an exception. I know this isn't ideal but is the only way to stop it from deleting .7z files.
- Go to the start menu, type "Security".
- Scroll down to "Exclusions" and click "Add or remove exclusions".
- Find the folder your browser saves the files to.
That's it, it will not flag or delete your downloads any more.
Beware though: if you download a real virus it will also not delete it. It's up to you to think and decide what to download and execute on your computer."
-----
Now this doesn't fully apply here, as the files involved here tend to be more than a .bin/.cue/.sms/.etc and a URL, but the information stands.
When in doubt, don't download it. But Script/Wacatac.B!ml is one of the most common false flags in cyber security I've come across since the launch of Windows 11.
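
The exclusion steps quoted above can also be done from an elevated PowerShell prompt with the built-in Defender cmdlets. The following is an added example, not part of the original posts: the folder path is an assumed placeholder, the function names are hypothetical, and the exclusion is scoped to one dedicated folder so that it can be audited and removed again.

```powershell
#Requires -RunAsAdministrator
# Added example. $Folder is an assumed placeholder path, not taken from the thread.
$Folder = Join-Path $env:USERPROFILE 'Downloads\Archives'

function Add-ScopedExclusion {
    param([Parameter(Mandatory)][string]$Path)
    # Resolve to a full path so exactly one existing folder is excluded.
    $full = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).Path
    $current = @((Get-MpPreference).ExclusionPath)
    if ($current -notcontains $full) {
        Add-MpPreference -ExclusionPath $full
    }
    return $full
}

function Get-WacatacDetections {
    # Look up threat IDs whose name contains "Wacatac", then list the
    # detection events (time and affected file paths) recorded for them.
    $ids = Get-MpThreat |
        Where-Object { $_.ThreatName -like '*Wacatac*' } |
        Select-Object -ExpandProperty ThreatID
    Get-MpThreatDetection |
        Where-Object { $ids -contains $_.ThreatID } |
        Select-Object InitialDetectionTime, ThreatID, Resources
}

# Create the dedicated folder and exclude only that folder.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
$excluded = Add-ScopedExclusion -Path $Folder

# Audit: show every path currently excluded from scanning.
(Get-MpPreference).ExclusionPath

# Review what Defender has already flagged under the Wacatac name.
Get-WacatacDetections | Format-List

# Record a SHA-256 for each archive in the folder so a flagged file
# can be identified unambiguously later.
Get-ChildItem -LiteralPath $Folder -Filter *.7z |
    Get-FileHash -Algorithm SHA256

# Remove the exclusion once it is no longer needed:
# Remove-MpPreference -ExclusionPath $excluded
```

Files in an excluded folder are skipped by real-time, scheduled and on-demand scans alike, so the `Remove-MpPreference` line restores normal scanning for that folder.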