
I don't want my tool to be detected by Windows Defender.


raphael123


Hi
I'm making a simple and light executable program for an old multiplayer game (as a fan).
It is intended for managing the official game client program, such as managing non-official updates/patches, like a mini-launcher.

It is intended to be manually installed using a "proposer", where the player can choose whether or not he wants to install this mini-launcher.
The proposer gets downloaded to the player's OS when joining a specific public dedicated server, which appears in the server list just like the others.
Once the proposer.exe is downloaded, it gets automatically opened using the game engine.

I build this file using the Win32 API, C++ and Visual Studio on Windows 11.
I don't have any issue with Windows Defender when building and opening the tool.

___________________


But I have a testing laptop running Windows 10, and when I plug in a USB key with the proposer.exe on it, the file gets detected and quarantined.
The same happens when I make it get downloaded when joining the game server.

But it seems that this antivirus is not consistent, because when I plug the USB key into the PC where I build the tool, it doesn't get detected; I can paste the file on my desktop and open it.
But if I wait some time, then I can't paste the file anymore because of the antivirus.

Also, for example, when I compress this file into a zip on the build PC, if I wait some time and then try to extract this zip, the antivirus now detects it.
When I scan it, the antivirus finds no threat, but the one on VirusTotal does. It gets detected by around 20 antiviruses on this website.

___________________

It seems that time is a reason for all this.
When I build the file, then directly take a USB key to copy it and plug it into the test laptop, it doesn't get detected; I can paste it on the Desktop and open it.

The file gets detected as a "Trojan:Win32/Wacatac.B!ml".

I also got a detection with this name using .vbs scripts, before starting with this Win32 C++. I thought it would help, but apparently not.

Could you help me please?

 

Is it related to machine learning?

I heard about the possibility to ask antivirus providers to whitelist your files, I don't understand well how this works.


Archived

This topic is now archived and is closed to further replies.
