1.18.2-1.1.22 version flags as containing Trojan
AYM3159 opened this issue · 7 comments
Windows Defender immediately flags the mod as Trojan.
Detected: Trojan:Script/Wacatac.B!ml
file: C:\Users\ ....\ mods\engineersdecor-1.18.2-1.1.22.jar
All previous versions do not flag in this way. Please remedy.
Hi, oh that's a critical thing, good that your system saw that and blocked. I quickly double checked my upload on Curse, and according to my system and also virustotal.com, it's clean.
- My upload is https://www.curseforge.com/minecraft/mc-mods/engineers-decor/files/3773562
- The vt check: https://www.virustotal.com/gui/file/ec3351fa32f63e08d1ca154b847998aee5db6a7a4e29b5ec1980b3eb2c3ed4dc
- The JAR is signed.
My advice, although I am no IT expert, would be:
- Download mod files from Curse (https://www.curseforge.com/minecraft/mc-mods), I upload mine there, and consider it a trustworthy platform so far.
- Run a full Defender scan on your machine, with boot check:
I can actually confirm that I've had the same happen with this mod, as well as the following mods;
- Traveler's Titles
- Yung's Bridges
Is there anything that these 3 mods all use / implement that might be triggering Windows?
Not sure, I presume it could have to do with heuristics. The change between 1.1.22b2 and 1.1.22 was only a change in the Dropper (issue #209). For the port 1.18.1 to 1.18.2 I've rewritten the registry handling.
Did you have the 1.1.22b2 mod version installed before without trouble, or did you upgrade from 1.18.1?
It seems to have resolved itself. I assume they flagged it as a false positive on their side. All mods that previously came up as trojans are now clean.
To answer your question though, I made the modpack fresh for 1.18.2; So it's likely b2 that triggered it?
Hey Max, ty for the feedback, I was already spinning my head around what this could be - virus detection is a critical thing, it can lead to mistrust in modding in general. So, really glad it's gone in your setup.
@NMPopsicle Do you still have it?
Cheers,-
Hi~ Downloaded from CursedForge just now. It no longer flags in the same manner. I had placed a band-aid on the issue previously by ignoring the mod folder in my virus detection. Removed that folder exception and it's not flagging either. So it appears whatever issue caused the false flag has thankfully resolved itself.
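The VirusTotal link posted earlier in this thread carries the SHA-256 of the uploaded file, so a local copy that Defender flags can be checked for byte-identity with it before deciding the detection is a false positive. This is an added example, not part of the thread or the mod's code; the function names and the sample JAR are constructed for illustration.

```python
import hashlib
import os
import re
import sys
import tempfile
import zipfile

# SHA-256 embedded in the VirusTotal link posted in this thread.
VT_URL = ("https://www.virustotal.com/gui/file/"
          "ec3351fa32f63e08d1ca154b847998aee5db6a7a4e29b5ec1980b3eb2c3ed4dc")
SIG_RE = re.compile(r"META-INF/[^/]+\.(SF|RSA|DSA|EC)", re.I)

def sha256_from_vt_url(url):
    """Return the lowercase SHA-256 carried in a VirusTotal file URL."""
    m = re.search(r"/file/([0-9a-fA-F]{64})(?:[/?#]|$)", url)
    if not m:
        raise ValueError("URL does not contain a SHA-256 file id")
    return m.group(1).lower()

def sha256_of_file(path, chunk=1 << 20):
    """Hash the file in chunks so large JARs are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(path, expected_sha256):
    """Compare the local JAR with the published hash and list signature files."""
    actual = sha256_of_file(path)
    with zipfile.ZipFile(path) as jar:
        sigs = sorted(n for n in jar.namelist() if SIG_RE.fullmatch(n))
    return {"sha256": actual,
            "matches_published": actual == expected_sha256.lower(),
            "signature_entries": sigs}  # presence only, not validity

def make_sample_jar(path):
    """Write a constructed, unsigned stand-in JAR for the offline demo."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return path

if __name__ == "__main__":
    expected = sha256_from_vt_url(VT_URL)
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = make_sample_jar(os.path.join(tempfile.mkdtemp(), "sample.jar"))
    print(triage(target, expected))
```

A hash mismatch means the local file is not the one that was scanned. The signature entries only show that a signature is present; `jarsigner -verify` from the JDK checks it.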