Many boxed apps are detected by Windows Defender as "Program:Win32/Wacapew.C!ml"

Issues related to Enigma Virtual Box

Post by Psycho-A »

After building a boxed file, many programs start to be detected by the Microsoft antivirus as "Program:Win32/Wacapew.C!ml", which wasn't seen with the original files. Many people who received such files from me on Windows 10-11 report they're immediately killed after download if built-in OS protection is enabled. I know it's something about compressing code and memory hijacking by the EVB virtualizer launcher - but can these alerts be reduced somehow? I don't care about them, but casual people really do...

Here's an example of AV alerts on VirusTotal after making a portable version of the RetroArch program:
https://www.virustotal.com/gui/file/ec1 ... e5bac0e3b1

And here's an even more paranoid situation, although each separate file included in the boxed app is clean:
https://www.virustotal.com/gui/file/247 ... f23733cc96

It makes no sense to upload the source files, because it happens to almost every one...
Enigma
Site Admin

Re: Many boxed apps are detected by Windows Defender as "Program:Win32/Wacapew.C!ml"

Post by Enigma »

Hi, just to pop up the old thread, as there are many similar complaints.

Detection of packed files is called "antivirus false positive detection"; it happens due to an error of the antivirus. There is no virus of any kind inside the packed file, nor inside any of our products, and no malicious or dangerous code. False detection happens only due to a mistake of the antivirus that produces it.

There is no option in our product that could affect false detection. Do not try to play with options to find some suitable case; there is none. Wrong detection happens randomly. You may try to repack the file and the detection may be gone.

If a false positive detection happened, we recommend:
- Use a code signing certificate to digitally sign the packed file. This usually helps to avoid all problems with wrong detection. Any code signing certificate (any kind, any company) is good enough.
- Submit the packed file to the antivirus vendor and ask them to fix the problem; they usually help quickly. For example, for Windows Defender you can use this form: https://www.microsoft.com/en-us/wdsi/filesubmission
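
The signing step recommended above, followed by a local signature check and Defender scan before the file is sent to users, as an added example that is not part of either post or of Enigma's own tooling. The file path, certificate subject and timestamp URL are placeholders to replace with your own values.

```powershell
# Added example: sign a packed (boxed) executable and check it locally before distribution.
# Assumptions: the three parameter defaults below are hypothetical placeholders.
param(
    [string]$PackedFile   = 'C:\build\MyApp_boxed.exe',      # hypothetical packer output
    [string]$CertSubject  = 'Example Publisher',             # hypothetical certificate subject
    [string]$TimestampUrl = 'http://timestamp.example.com'   # placeholder: your CA's timestamp URL
)
$ErrorActionPreference = 'Stop'

# 1. Pick an unexpired code-signing certificate from the current user's store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Subject -like "*$CertSubject*" -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No valid code-signing certificate matching '$CertSubject' found." }

# 2. Sign the packer's OUTPUT. Any change to a file after signing invalidates its
#    Authenticode signature, so signing must be the last build step.
$null = Set-AuthenticodeSignature -FilePath $PackedFile -Certificate $cert `
    -HashAlgorithm SHA256 -TimestampServer $TimestampUrl

# 3. Verify what Windows will see: the chain must validate, not just "a signature exists".
$sig = Get-AuthenticodeSignature -FilePath $PackedFile
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
if (-not $sig.TimeStamperCertificate) {
    Write-Warning 'No timestamp: the signature stops validating when the certificate expires.'
}

# 4. Scan the signed file with the local Defender engine without letting it quarantine
#    the build. Exit code 0 = nothing found, 2 = threat found and not remediated.
$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
& $mpCmdRun -Scan -ScanType 3 -File $PackedFile -DisableRemediation | Out-Null
$scanExit = $LASTEXITCODE

# 5. Emit a record to attach to a false-positive submission or keep with the release.
[pscustomobject]@{
    File           = $PackedFile
    SHA256         = (Get-FileHash -Path $PackedFile -Algorithm SHA256).Hash
    Signer         = $sig.SignerCertificate.Subject
    Timestamped    = [bool]$sig.TimeStamperCertificate
    DefenderResult = if ($scanExit -eq 0) { 'clean' } else { "flagged or error (exit $scanExit)" }
}
```

A local scan only reflects the definitions installed on the build machine, so a clean result here does not guarantee the same verdict on users' systems.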