Latest Release Recognized as Threat by Windows #60
Is this Windows Defender? Is there a way to force the installation and/or whitelist the file?
Yes, it is Windows Defender. One can force the file to be restored in the settings of the Defender. I mainly wanted to let you know that this is a thing. The previous version is not detected as malicious. I have not tried to create the ppam myself, as I don't currently have the need for the latest version. But I might try later.
Thanks a lot for letting me know! I use Defender as well so I can see if it gets flagged on my end too. I will also check VirusTotal.
I just tried downloading the
The count has now climbed to 13/62. I have honestly no idea what is triggering these detections, other than stupid AI and herd behavior. The "Code Insight" is actually pretty spot on and explains that all the functions that are used are there for a good reason, not a malicious one. The other AI-generated code analysis basically talks about generic things that, indeed, a malicious add-in would do, but also that any add-in that needs to execute external programs and store information in the registry would do too...
If someone gets a similar malware detection, it would be very helpful if you could:
Confirmed the issue. Detected as https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan%3AScript%2FWacatac.B!ml and blocked. The unblocking requires allowing Wacatac.B!ml. I have just submitted the iguanatex_v1_61.ppam as User Opinion: Incorrect detection at https://www.microsoft.com/en-us/wdsi/filesubmission/
Thanks @lobpcg !
Can confirm that the issue still persists with Win Defender definitions from 18th April 2024. I also submitted the file to https://www.microsoft.com/en-us/wdsi/filesubmission/ as incorrect detection, hopefully they can clear it soon. I can also confirm that downloading the .pptm, then "Save as" to .ppam seems to work; Defender does not detect the created .ppam as a threat in that case.
Thanks for the updates! I will mention all this in the release.
Confirming detection of Wacatac.B!ml on Windows 11 (10.0.22631).
Can you report false positives to Cisco?
I did not try to play the rename trick but I suspect the result is the same. I can't really report to Cisco. Cisco recommends whitelisting the files. Here is what is written about it, in case you want to see full details of this file.
If you get to trying to download the .pptm and converting it to a .ppam via PowerPoint's "save as" ("export" on Mac), I'd be curious to know if that worked.
I downloaded the .pptm file and exported it to a .ppam file. I scanned it with Cisco AMP. The result is fine. No detection.
Thanks for confirming. I updated the release text to encourage more users to try this.
My Windows Defender was still blocking the PPAM file that I exported from the PPTM file. I ended up having to tell Windows Defender to make an exception for macros coming from a certain directory (as detailed here by Microsoft).
Hi. I'd like to report that the pptm to ppam workaround no longer works, at least on 365. After opening the .pptm file I am blocked from editing it; PowerPoint redirects me to this Microsoft page. EDIT: Windows 11.
Can you unblock it as explained on the page?
The latest 1.61 release is recognized by Windows as Trojan:Script/Phonzy.B!ml and installation is blocked.