Jump to content

I don't want my tool to be detected by Windows Defender.


Recommended Posts

I'm making a simple and light executable program, for an old multiplayer game. (as a fan)
It is intended for managing the official client game program, such as managing non-official updates/patches, like a mini-launcher.

It is intended to be manually installed using a "proposer", where the player could choose if he wants or not to install this mini-launcher.
The proposer is getting download to the player os, when joining a specific public dedicated server, which appears in the servers list just like the others.
Once the proposer.exe is downloaded, it gets automatically opened using the game engine.

I build this file using the Win32 api, C++ and Visual Studio on Windows 11.
I don't have any issue with Windows Defender when building and opening the tool.


But I have a testing laptop running Windows 10, and when I plug a usb key with the proposer.exe in it, the file gets detected and quarantined.
Same when I make it getting downloaded when joining the game server.

But it seems that this antivirus is not consistent, because when I plug the usb key in the pc where I build the tool, it's not getting detected, I can paste the file on my desktop and open it.
But if I wait some time, then I can't paste the file anymore because of the antivirus.

And also for example, when I compress this file in a zip on the build pc, if I wait some time and then try to extract this zip, now the antivirus detects it.
When I scan it, the antivirus finds no threat, but the one of virustotal does. It gets detect by around 20 antivirus on this website.


It seems that the time, is a reason about all this.
When I build the file, then I directly take a usb key to copy it and then plug in the test laptop, then it doesn't get detected, I can paste it on the Desktop and open it.

The files gets detected as a "Trojan:Win32/Wacatac.B!ml"

I also got a detection of this name, using .vbs scripts before starting with this Win32 C++, I thought it would help but apparently not.

Could you help me please?


Is it related about machine learning?

I heard about the possibility to ask antivirus providers to whitelist your files, I don't understand well how this works.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...