Hi there,
Windows Defender is blocking access to the latest installer again (Trojan:Win32/Wacatac.B!ml detected)
Windows Defender Trojan detected
We apologize for this ... sadly Unimus Installer had multiple false-positive detections from Windows Defender a few times already:
viewtopic.php?f=9&t=469
viewtopic.php?f=9&t=216
We have reported this to Microsoft multiple times, but it keeps coming back.
We are currently in the application process for a code-signing certificate, which should hopefully improve the situation.
We expect to have a code-signed Installer (and the Portable .exe) ready for the next major (2.0.0) release.
EDIT:
Here is a VirusTotal scan showing which AV currently false-positive identify the Installer.exe:
Just wanted to provide an update on the MS Defender false-positive.
We are currently reporting the false-positive to Microsoft.
In the meantime, please feel free to verify the installer using VirusTotal:
https://www.virustotal.com/gui/url/4ca1 ... /detection
Apologies again you ran into this,
Only the Installer is getting false-positive hits, our Portable Unimus.exe is currently getting 0 hits:
https://www.virustotal.com/gui/file/407 ... 86b56cfe0c
viewtopic.php?f=9&t=469
viewtopic.php?f=9&t=216
We have reported this to Microsoft multiple times, but it keeps coming back.
We are currently in the application process for a code-signing certificate, which should hopefully improve the situation.
We expect to have a code-signed Installer (and the Portable .exe) ready for the next major (2.0.0) release.
EDIT:
Here is a VirusTotal scan showing which AV currently false-positive identify the Installer.exe:
Just wanted to provide an update on the MS Defender false-positive.
We are currently reporting the false-positive to Microsoft.
In the meantime, please feel free to verify the installer using VirusTotal:
https://www.virustotal.com/gui/url/4ca1 ... /detection
Apologies again you ran into this,
Only the Installer is getting false-positive hits, our Portable Unimus.exe is currently getting 0 hits:
https://www.virustotal.com/gui/file/407 ... 86b56cfe0c
Update:
1) Code Signing certificate
EDIT: Starting with 2.1.0 all Unimus release binaries and now code-signed.
2) Reporting false-positive to MS
We have reported the false-positive detection to Microsoft multiple times now.
This has resulted in no change to the situation
3) Why are we being false-positive identified
The Unimus installer includes an embedded Corretto JRE (Java Runtime Environment).
This is to make it easy for the user - you don't have to install a JRE yourself (which Unimus requires).
Apparently, MS Defender doesn't like that we include a JRE in our installer, and flags it as a suspicious / malicious executable.
So all-in-all, this is a multi-faceted problem. We are still working hard to resolve this asap.
We will add a message to the download page with the link to this thread.
I will post updates as they come.
EDIT:
Here is a VirusTotal scan showing which AV currently false-positive identify the Installer.exe:
https://www.virustotal.com/gui/url/4ca1 ... /detection
As mentioned previously, only the Installer is being hit with false-positives due to the included Corretto embedded JRE.
Our Portable version is 100% identified as clean by all AVs. Here is a VirusTotal link for the Portable versions:
https://www.virustotal.com/gui/file/407 ... 86b56cfe0c
1) Code Signing certificate
EDIT: Starting with 2.1.0 all Unimus release binaries and now code-signed.
2) Reporting false-positive to MS
We have reported the false-positive detection to Microsoft multiple times now.
This has resulted in no change to the situation
3) Why are we being false-positive identified
The Unimus installer includes an embedded Corretto JRE (Java Runtime Environment).
This is to make it easy for the user - you don't have to install a JRE yourself (which Unimus requires).
Apparently, MS Defender doesn't like that we include a JRE in our installer, and flags it as a suspicious / malicious executable.
So all-in-all, this is a multi-faceted problem. We are still working hard to resolve this asap.
We will add a message to the download page with the link to this thread.
I will post updates as they come.
EDIT:
Here is a VirusTotal scan showing which AV currently false-positive identify the Installer.exe:
https://www.virustotal.com/gui/url/4ca1 ... /detection
As mentioned previously, only the Installer is being hit with false-positives due to the included Corretto embedded JRE.
Our Portable version is 100% identified as clean by all AVs. Here is a VirusTotal link for the Portable versions:
https://www.virustotal.com/gui/file/407 ... 86b56cfe0c