Remote access trojan detected by Windows after updating to 1.0; Trojan:Script/Sabsik.FL.A!ml

Open Jawzper opened this issue 1 year ago • 9 comments

@ USBHelperInjector.dll

Jawzper avatar Mar 29 '23 09:03 Jawzper

Same problem seen today on the code that was updated 2 days ago.

tonyjobson avatar Mar 29 '23 09:03 tonyjobson

[image]

tonyjobson avatar Mar 29 '23 09:03 tonyjobson

And just like on that comment, I seem to have to say this again. It's a false positive; if there was actual malware, more than just a couple people every once in a while would be screaming about it. Open source programs constantly have to deal with AVs throwing false positives every time a new build is released; it's a side effect of how modern heuristic-based AV solutions work.

Masamune3210 avatar Mar 29 '23 10:03 Masamune3210

Sorry, found the closed issue from a few days ago a little late, @Masamune3210. Ran the update for Defender and now it's not complaining anymore. For reference and resolution: https://github.com/FailedShack/USBHelperLauncher/issues/91

tonyjobson avatar Mar 29 '23 10:03 tonyjobson

If you want to know more about why it's being detected as possibly malicious, it's because of heuristics like I said previously and the fact that it injects code into another process. This is fine if you trust the program; plenty of other programs do it as well. The problem is that malware does it too, and AV companies would rather err on the side of caution and flag everything and generate false positives to make sure they catch as much as they can.

Masamune3210 avatar Mar 29 '23 10:03 Masamune3210

@Masamune3210 I'm now getting alerts against the dll file as well

[image]

Is there any way to revert back?

tonyjobson avatar Mar 29 '23 11:03 tonyjobson

You don't need to, and probably don't want to. Just add an exception to tell Defender to stop whining.

Masamune3210 avatar Mar 29 '23 11:03 Masamune3210

You can add a whole folder as an exception, btw. Turn Defender's real-time protection off temporarily, move the files where they go, add a folder exception, and turn it back on.

Masamune3210 avatar Mar 29 '23 11:03 Masamune3210

Please let me know of the versions listed here so I can report these issues to Microsoft: https://www.bleepingcomputer.com/tutorials/how-to-find-the-microsoft-defender-version-installed-in-windows-10/

FailedShack avatar Mar 29 '23 16:03 FailedShack