
Unable to work on Windows 11 due to detected trojan virus

Open Nytra opened this issue 1 year ago • 6 comments

Screenshot 2023-12-17 021544

Trojan:Script/Wacatac.B!ml

Nytra, Dec 17 '23 02:12

It's not a Trojan. If I were to guess, Defender sometimes identifies it as such due to the self-updating functionality. What's more frustrating is that it only sometimes screams about it, not consistently. You may just need to whitelist it. Hopefully, as more people download it and Microsoft picks up on its existence via the usual telemetry, this problem will go away. I'm also going to submit it as a false positive on Microsoft's site, although who knows how effective that will be!

This problem will likely come and go until MS and other vendors see Tauri apps more frequently. The only permanent fix in the meantime is probably to sign the executable using an EV code signing certificate... but that costs hundreds of dollars per year to maintain, which is not an investment I can feasibly make at the moment.

See tauri-apps/tauri#2486

Gawdl3y, Dec 17 '23 12:12

Funnily enough, it seems nothing improperly flags the MSI version of the installer with anything, according to a VirusTotal scan - so if you'd rather not whitelist anything, you can give that a shot.

Also on the subject of VirusTotal, according to the scan on the EXE installer, nothing is detected in behavioural analysis. It's purely some signature-based AV that is being tripped.

Gawdl3y, Dec 17 '23 12:12

I just released v0.4.0 and scanned both the installer and the installed EXE manually with Defender, but it didn't report anything this time around. Dunno if it's just a fluke or if it's actually okay with this version, but I didn't make any relevant changes.

Gawdl3y, Dec 17 '23 13:12

I tried the EXE installer for v0.4.1 and it worked and didn't warn me about a trojan. So maybe this issue can be closed? Although the problem may still crop up again in future releases.

Nytra, Dec 17 '23 16:12

Release 0.7.1 reported with this variant: (image)

Interestingly, VT doesn't flag it on Microsoft, but flags the installer on 2 other things, and the EXE on only one of them.

liny-fox, Jan 25 '24 02:01

Most recent 0.8.0 still appears to have this issue for some. According to VirusTotal, it is still being flagged by one vendor along with matching a YARA rule on https://github.com/Gawdl3y/Resolute/blob/b3cae91233a65bf75b40ab1bf455f6057b9d7b41/crates/resolute/src/manifest.rs#L20


XDelta, Feb 25 '24 14:02