GCuser99 / SeleniumVBA

A comprehensive Selenium wrapper for browser automation developed for MS Office VBA running in Windows

Selenium.xlam blocked by Defender

6DiegoDiego9 opened this issue

commented

Today my attempts to download Selenium.xlam or the whole repository in ZIP format get blocked by Defender:

image

Link: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3AScript%2FWacatac.H!ml&threatid=2147814524

My version:

image

Does it happen to you too?

commented

Yes - same happening to me. Scanning with Malwarebytes results in no detection. Likely a false positive, but I submitted the SeleniumVBA.xlam file to Microsoft for further determination. Will let you know the results when I get them...

commented

I have not received the Microsoft analysis back yet, but it looked like the file scanned negative by their cloud scanner, as part of the submission process.

I just updated Defender's security intelligence on my machine to v1.399.1471.0 and rescanned the xlam file in my GitHub desktop - no problems. I then tried downloading both the xlam and the release asset zip files from our GitHub repo and had no problem downloading. So presumably the false positive has been fixed in the latest version of Defender intelligence...? Can you update intelligence and try again? Thx.

commented

I just manually called an update of Windows Defender and now it passes for me too!

A pass on VirusTotal shows the keywords "download" and "heuristics"

That makes me suspect that they may be (too) sensitive to our automatic download from the web (and execution) of the webdriver executable, without considering that we're just taking the official files from official Google/Microsoft/Mozilla servers:
image

I saw that other security people had problems with the Google domain "gvt1.com" and antiviruses. Could this be it? We'll likely never know... :-)

commented

Closed (fixed by Microsoft)

commented

MS submission report Analyst comments:

At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed. Please follow the steps below to clear cached detections and obtain the latest malware definitions.