SimpleClassicTheme

The reason why SCT gets flagged by Windows Defender

Open • gazecube opened this issue 4 years ago • 1 comment

Describe the bug: SCT is being reported as Trojan:Win32/Detplock by Windows Defender.

Reproduction: Open Windows Defender and do a quick/full scan.

Expected behavior: I would've expected that I would be able to download it and run it without any false-positives. ;-)

Screenshots: (three images)

  • OS: Win10 ver 20H2
  • SCT Version (1.2.5)

gazecube, Feb 04 '21 18:02

First of all, there's no version 1.2.5? Secondly, I can't do anything about Windows Defender. Microsoft detects that SCT blocks access to the theme handles in memory. That's basically blocking out system processes which Windows Defender blocks (SCT removes all rights for the theme handle which DWM uses to draw windows, which forces it to manually draw the classic theme). This makes a lot of sense from Microsoft's perspective. But for SCT that means that I'm unable to release an executable that won't get flagged by most antiviruses.

AEAEAEAE4343, Feb 04 '21 18:02