Avoid AV detection

Question

Avoid AV detection

Okmeque1 opened this issue 3 months ago · comments

Okmeque1 commented 3 months ago

System Details

OS: Win10 20H2
Thorium Version: 122 Revision 3, WIN32_SSE2 version

Problem
Win Defender detects it as a virus, WACATAC.H!ML for no reason. M122.0.6261.158 version does not detect.

Screenshots
Win Defender + Chrome

Old M122.0.6261.158 version

Additional Notes
Not a big issue, just please fix it...

Ho Cheung · Answer 1 · Mon Apr 29 2024 10:16:55 GMT+0800 (China Standard Time)

You are currently using the win10 system, you may not need to use the version in this repo, the version in this repo is prepared for systems before win10.

You may want to follow and use the version in this repo
https://github.com/Alex313031/thorium-win

I'll report the false positive to Microsoft and let you know the results when they're available.

Okmeque1 · Answer 2 · Tue Apr 30 2024 02:11:58 GMT+0800 (China Standard Time)

alr thx

…

On Mon, 29 Apr 2024 at 03:17, Ho Cheung ***@***.***> wrote: You are currently using the win10 system, you may not need to use the version in this repo, the version in this repo is prepared for systems before win10. You may want to follow and use the version in this repo https://github.com/Alex313031/thorium-win I'll report the false positive to Microsoft and let you know the results when they're available. — Reply to this email directly, view it on GitHub <#74 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A47M6DKUAUSVZYJND3VZ6JDY7WUSZAVCNFSM6AAAAABGQJ5LXCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBRG44DINRWHE> . You are receiving this because you authored the thread.Message ID: ***@***.***>

-- *The Okmeque1* *Okmeque1 Corporation*

Ho Cheung · Answer 3 · Tue Apr 30 2024 14:05:41 GMT+0800 (China Standard Time)

Microsoft reply

`
Analyst comments:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.

Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus
`

Okmeque1 · Answer 4 · Wed May 01 2024 02:45:55 GMT+0800 (China Standard Time)

Thank you.

…

On Tue, 30 Apr 2024 at 07:06, Ho Cheung ***@***.***> wrote: Microsoft reply `Analyst comments: At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions. 1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender 2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures” 3. Run "MpCmdRun.exe -SignatureUpdate" Alternatively, the latest definition is available for download here: https://docs.microsoft.com/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus` — Reply to this email directly, view it on GitHub <#74 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A47M6DJF45TJYYPFFCQKG7DY74YEVAVCNFSM6AAAAABGQJ5LXCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOBUGQ2DONZUG4> . You are receiving this because you authored the thread.Message ID: ***@***.***>

-- *The Okmeque1* *Okmeque1 Corporation*