Hi,
I don't want to cause any panic - but I am facing the following issue:
Today when I started my PortableApps, and wanted to check for updates I was "greeted" with the following error:
Unable to connect to PortableApps.com to retrieve portable
apps. Please try again later.
[InvalidZipFilePossibleNoConnectionOrFirewall ]
and at the same time by the following Windows Defender warning:
Virus & Threat Protection
Threats Found
...
Upon checking Defender's history, this is what I found:
Threat Blocked SEVER
Detected: Trojan:Script/Wacatac.B!ml
Details: This program is dangerous and executes commands from an attacker.
Affected items:
File: C:\Users\--------\AppData\Local\Temp\nslD733.tmp\update.7z
To be sure it wasn't my current system that got infected somehow
I quickly installed Portable Apps on a CLEAN (ESXi) Virtual Windows 10 Pro!
And got exactly the same warning!!!
Please review my post and let me know if it's me only or is there indeed an issue
I was running Platform 29.1 when I got the warning!
Then manually updated to Platform 29.1.1 but still get the same error when trying to get updates!
Regards
Wolfferine
Every time I try to manually trigger the updater Windows Defender comes up and claims this file:
C:\Users\...\AppData\Local\Temp\nsmE448.tmp\update.7z
contains Trojan:Script/Wacatac.F!ml
I guess this is another false positive but I want to be sure
Please see this earlier post about the issue.
It makes it a lot easier for everyone if we keep all discussion about the topic in one thread. Thanks.
The mentioned post's title is misleading. It talks about Wacatab.B!ml while this thread here is about Wacatac.B!ml.
Might be a typo or in fact two different flavours of a trojan, who knows... :-)
The body of that post says Wacatac, so I'm assuming the title was just a typo.
Maybe an admin can merge this thread with the other one and the other thread's title can be corrected. By the way, I just got another signature update of my Defender hoping this will fix the most likely false positive but it just changed the detected trojan. Now it blocks and claims a Trojan:Script/Sabsik.FL.A!ml. Still waiting and looking forward to seeing it fixed.
I've updated the title, but there's no way for me to merge threads.
Hi Ken,
No, it wasn't a typo!
Please update your definitions. VirusTotal shows clean across the board. Microsoft's online false positive submission tool shows it as clean. And it shows as clean and works without issue on an updated Windows 10 and Windows 11 machine here.
To update Defender's definitions, click Start and type security. Click on Windows Security. Click Virus & threat protection. Further down the page click Check for updates. Click check for updates. Also ensure your Windows is fully up to date as this may update Defender components.
Microsoft has had a ton of issues with Wacata* false positives in the last 3 days.
Sometimes, the impossible can become possible, if you're awesome!
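The same definition update done from PowerShell, as an added example that is not part of the original thread: it records the Security Intelligence version before and after the update and lists the detections on the updater's temporary archive. The path pattern is an assumption built from the two Defender history paths quoted above; the cmdlets are from Windows' built-in Defender module.

```powershell
# Added example, not from the thread. Run in PowerShell on the affected machine.

# 1. Record the Security Intelligence (signature) version before updating.
$before = Get-MpComputerStatus
'Before: {0} (updated {1})' -f $before.AntivirusSignatureVersion,
                               $before.AntivirusSignatureLastUpdated

# 2. Fetch the latest definitions, then read the version again.
Update-MpSignature
$after = Get-MpComputerStatus
'After:  {0} (updated {1})' -f $after.AntivirusSignatureVersion,
                               $after.AntivirusSignatureLastUpdated

if ($after.AntivirusSignatureVersion -eq $before.AntivirusSignatureVersion) {
    'No newer definitions were available.'
}

# 3. List detections that hit the updater's temporary archive.
#    Assumed path shape, taken from the paths quoted in this thread:
#    ...\AppData\Local\Temp\ns<random>.tmp\update.7z
$pattern = '\\AppData\\Local\\Temp\\ns[^\\]+\.tmp\\update\.7z'

Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -match $pattern } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        # Resolve the numeric ThreatID to its name (for example Trojan:Script/...).
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = $_.Resources -join '; '
        }
    } |
    Format-Table -AutoSize -Wrap
```

Comparing the `Detected` timestamps with the "After" version shows whether any detection still occurs once the newer definitions are installed.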
John thanks for your reply - btw I was sure it wasn't PortableApps,
I just wanted to share what I was experiencing with Windows.
FYI - Issue is now resolved (after the latest update about 5 minutes ago) - as you advised
Security Intelligence Version 1.4095.477.0
Updated 2024-02-23
A few hours ago I had just updated my system (incl. Defender) before firing up PortableApps updates - that's when I was getting the warnings
Security Intelligence Version 1.405.463.0
Updated 2024-02-22
And that's why I am so happy with my 2 other systems: Debian and macOS, which imo have always been much more stable than Windows, and less prone to malware and viruses. If you think I am wrong just go and check the following data from CVEdetails.com (by SecurityScorecard)
https://www.cvedetails.com/version-list/23/36/1/Debian-Debian-Linux.html
https://www.cvedetails.com/version-list/49/156/1/Apple-Mac-Os-X.html
and compare it to
https://www.cvedetails.com/version-list/26/125376/1/Microsoft-Windows-10...
https://www.cvedetails.com/version-list/26/164881/1/Microsoft-Windows-11...
Hi!
Currently no updates possible, defender is ranting about dangerous scripts.
Defender definition updated now.
Since yesterday no updates possible.
br ! 2b2b
tested now on 4 w10 pc.
all updated today.
While no problem yesterday, today, 24 Feb, no operation of portable apps on those w10 possible as all is blocked by the defender. Neither installed on USB stick nor installed on PC directly works.
No further updates to defender possible.
the update is reported as: 1.405.505.0
Otto Sykora
Basel, Switzerland
Same for me, but the detection is Trojan:Script/Sabsik.TE.A!ml. Defender definitions are 1.405.505.0 and cannot update it further.
Panicked at first, but noticed Defender alerted me after Windows started. Checking the event logs showed it was PortableApps-related. I have it starting with Windows, and I have it check for updates on startup. And it's repeatable when checking for updates manually, which throws up an error window.
Hi !
Same thing here with W10 and W11 ... Maybe false positives...
Only detected by real time engine, not by a manual scan...
Regards
Yves
I am getting this too. Everything was fine a week ago.
Trojan:Script/Wacatac.B!ml
Defender updated to 1.405.524.0 and apps can be checked for updates without the detection.
Windows Defender (on Windows 11 pro) detects Trojan:Script/Sabsik.TE.A!ml with update 1.405.529.0
Windows 11 Pro with update 1.405.529.0 running in a clean virtual machine and it works without issue. Did you change any Security settings?
I haven't made any changes to the security settings, but I don't use a virtual machine.
Using a virtual machine or not shouldn't affect scanning. I just mention it because it's essentially a clean install of Windows 11 Pro which has never had any software installed on it and hasn't had any Windows Security settings altered.
I rescanned everything released in the last 3 days. A couple of the launchers had that same false positive in Defender when first released, likely due to an updated code signing certificate (happens yearly), and all the Defender false positives have been resolved in both the installer and launcher. Platform and updater working fine here on Windows 10 and 11 in clean virtual machines using all the default Defender settings with update 1.405.529.0. I'm unsure why a few users are experiencing issues but hopefully it'll settle soon.
Problem solved for me with Windows Defender update 1.405.569.0 .
Still okay after updating to 1.405.529.0.
Thanks for letting us know that this was a false positive.