Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows 10 Defender quarantining patched SHC exes after windows update #1037

Open
Panbutt opened this issue Oct 17, 2023 · 4 comments
Open

Windows 10 Defender quarantining patched SHC exes after windows update #1037

Panbutt opened this issue Oct 17, 2023 · 4 comments

Comments

@Panbutt
Copy link

Panbutt commented Oct 17, 2023
edited

After a Windows 10 update, Windows Defender is now quarantining and removing the crusader exes and labeling them as a Severe-level "Trojan:Win32/Wacatac".

It doesn't take any action against the installer itself nor the exe backups, only the exes after UCP creates/patches them.

What's also odd is that it has only started doing this after I ran UCP to update changes I made to an AIC the other day. It didn't touch the existing exes, only after UCP was ran.

I'm assuming this is a false positive because it's never had a problem for the last 2+ years I've been using the same UCP installer on the same system. EDIT: Forgot to mention, I've noticed Windows 10 really doesn't like modding programs used for older games. Defender's done something similar to this with modding tools for the original Starcraft so it further makes me think it's being overzealous.

This is on Windows 10 64-bit Pro Edition 22H2 build 19045.3570. UCP Version 2.15b.
@gynt
Copy link
Collaborator

gynt commented Oct 20, 2023

Maybe Windows 10 is cracking down on Wacatac more intenstely, because based on my googling it seems like a nasty virus. Lame that game patches are hurt by this. Hopefully UCP3 will resolve this issue (by not modifying exes on disk, but rather at runtime).

@SeanK1191
Copy link

Also getting this on Windows 11 Pro version 22H2 Build 22621.2428 but it auto quarantines the exe after running the patcher and you have to restore it.

Only started using the patch 3 days ago so must have been a very recent update.

Fingers crossed you guys aren't about to start remote controlling my PC.

@gynt
Copy link
Collaborator

gynt commented Oct 22, 2023

I can assure you we are not :)

Stupid that window is being so sensitive to customized .exe files.

The main problem is that every combination of UCP features enabled creates a different exe, leading to windows saying it is an .exe file it has never seen before, etc....

Will be fixed with UCP3

@SeanK1191
Copy link

I can see how that would get annoying, hopefully those using the patch don't get too concerned.

Honestly for me adding WASD controls alone is worth the trojan ;)

Thanks for all your hard work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gynt @SeanK1191 @Panbutt