Engineer's Decor

Engineer's Decor

19M Downloads

1.18.2-1.1.22 version flags as containing Trogan

AYM3159 opened this issue ยท 7 comments

commented

Windows defender immediately flags the mod as Trogan.

Detected: Trojan:Script/Wacatac.B!ml
file: C:\Users\ ....\ mods\engineersdecor-1.18.2-1.1.22.jar

All previous versions do not flag in this way. Please remedy.

commented

Hi, oh that's a critical thing, good that your system saw that and blocked. I quickly double checked my upload on Curse, and according to my system and also virustotal.com, it's clean.

My advice, although I am no IT expert, would be

full-scan

commented

I can actually confirm that I've had the same happen with this mod, as well as the following mods;

  • Traveler's Titles
  • Yung's Bridges

Is there anything that these 3 mods all use / implement that might be triggering Windows?

commented

Not sure, I presume it could have to do with heuristics. The change between 1.1.22b2 and 1.1.22 was only a change in the Dropper (issue #209). For the port 1.18.1 to 1.18.2 I've rewritten the registry handling.

Did you have the 1.1.22b2 mod version installed before without trouble, or did you upgrade from 1.18.1?

commented

Not sure, I presume it could have to do with heuristics. The change between 1.1.22b2 and 1.1.22 was only a change in the Dropper (issue #209). For the port 1.18.1 to 1.18.2 I've rewritten the registry handling.

Did you have the 1.1.22b2 mod version installed before without trouble, or did you upgrade from 1.18.1?

It seems to have resolved itself. I assume they flagged it as a false positive on their side. All mods that previously came up as trojans are now clean.

To answer your question though, I made the modpack fresh for 1.18.2; So it's likely b2 that triggered it?

commented

Hey Max, ty for the feedback, I was already spinning my head around what this could be - virus detection is a critical thing, it can lead to mistrust in modding in general. So, really glad it's gone in your setup.
@NMPopsicle Do you still have it?
Cheers,-

commented

Hey Max, ty for the feedback, I was already spinning my head around what this could be - virus detection is a critical thing, it can lead to mistrust in modding in general. So, really glad it's gone in your setup. @NMPopsicle Do you still have it? Cheers,-

Hi~ Downloaded from CursedForge just now. It no longer flags in the same manner. I had placed a band-aid on the issue previously by ignoring the mod folder in my virus detection. Removed that folder exception and it's not flagging either. So it appears whatever issue cause the false flag has thankfully resolved itself.

commented

Very cool, ty for the feedback.