Community

Windows Defender false positive on 7.6.2.0 Host MSI

G E, User (Posts: 3)

Aug 21, 2025 8:17:20 pm EDT

Windows 11 - Defender defs: 1.435.310.0

Trojan:Win32/Wacatac.C!ml

I created a s signed version of the host msi for easy deployment on remote machines.

Defender immediately deletes the file, marks it as "Severe" and doesn't let you un-quarantine. I reported to MS but I'm sure my complaint will fall on deaf ears.

Conrad Sallian, Support (Posts: 3182)

Aug 22, 2025 4:29:45 am EDT

Hi GE,

Thank you for your message.

Unfortunately, each custom installer package—even if it is signed with our digital signature—generates a different file hash. This is why some antivirus programs may still detect it, even if the standard (vanilla) package is not flagged. In such cases, the customer will need to report their specific file individually after preparing a custom package.

That said, the whole point of digital signatures tends to get overlooked in the “security industry”—they are often ignored altogether.

Submit a reply

^* Website time zone: America/New_York (UTC -5)