v3.25 patch exe is false detected with Trojan:win32/Wacatac.B!ml

[ManlyMarco]

If you use Microsoft Defender, you may get a malware scan warning after downloading KK HF Patch v3.25, claiming the exe file contains the "Trojan:win32/Wacatac.B!ml" malware. It appears that all other antivirus programs treat the file as safe, as seen on virustotal (ignoring a couple of machine learning detections, which happen on all compressed inno setup installer it seems).

The PC used to make patches was scanned and nothing was found. The patch files were scanned on another PC and other than the false detection there was nothing wrong with them.

What can you do

Scan the exe file on virustotal, if you get these results then it's a false positive and can be safely whitelisted https://www.virustotal.com/gui/file/77e6a776d011e2b98f6d1c20d68873853e7cb9b821821c507e224d715f1aa416 If the hash of your exe is different then something modified the file and it CAN be real malware (or it got corrupted). In that case download something like malwarebytes and run a full PC scan before redownloading the patch exe file.

Please submit the patch exe file to Microsoft for analysis so it gets bumped up in priority to be whitelisted https://www.microsoft.com/en-us/wdsi/filesubmission (you should be able to do this from within windows defender).

If you're worried then you can wait until the exe file gets whitelisted and try again later (you can keep the bin files as they do not trigger any detections). Old exe files from previous patches will not work.