Windows Defender reports Trojan:Win32/Wacatac.H!ml when launching the latest version of OpenCode

Open • Suaig opened this issue 2 days ago • 11 comments

Hi team,

I encountered a security issue when launching the latest version of OpenCode on Windows. Windows Defender immediately identifies the startup process as malicious activity and reports the threat Trojan:Win32/Wacatac.H!ml.

Environment:

  • OS: Windows 10 / Windows 11 (Windows 11)
  • OpenCode version: 1.1.8+ all of them

Detection details from Windows Defender:

  • Threat: Trojan:Win32/Wacatac.H!ml
  • Status: Active
  • Description: This program is dangerous and executes commands from an attacker.
  • Affected files are temporary DLLs generated under: C:\Users\{UserName}\AppData\Local\Temp\{random}.dll

(Example from my system:)

C:\Users\xxx\AppData\Local\Temp\3aebf761ddfd7fd5-00000001.dll
C:\Users\xxx\AppData\Local\Temp\3aebf761ded7a7ed-00000000.dll
C:\Users\xxx\AppData\Local\Temp\3aebf67cd73efd-00000001.dll
C:\Users\xxx\AppData\Local\Temp\3aebf67d8c57b6f5-00000000.dll

Steps to Reproduce:

  1. Install the latest version of OpenCode
  2. Launch the application
  3. Windows Defender immediately pops up a threat alert

Expected behavior: Launching OpenCode should not trigger antivirus warnings.

Actual behavior: Windows Defender flags the startup as malware and quarantines or blocks generated temp DLLs, preventing the program from running normally.

Additional notes:

  • This may be a false positive, but it severely affects normal usage.
  • Please help confirm whether this behavior is expected, and whether code signing or packaging needs adjustment.

Thanks! Let me know if you need more logs or diagnostic information.

Suaig • Jan 12 '26 06:01
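
For triaging a report like the one above, the following PowerShell script (an added example, not part of the original issue and not OpenCode project code) lists the Windows Defender detections that point at DLLs under the current user's Temp directory, together with each file's SHA-256 hash and Authenticode status when the file is still on disk. It assumes the built-in Defender cmdlets are available and that file resources are reported in the usual `file:_<path>` form.

```powershell
# Added example: collect Defender detections that reference DLLs in the user's
# Temp directory, for attaching to a false-positive report.
# Assumption: file resources are reported as "file:_C:\path\to\file".

# Note: GetTempPath() may return an 8.3 short path on some systems; if nothing
# matches, set $tempRoot to the long form of %LOCALAPPDATA%\Temp by hand.
$tempRoot = [System.IO.Path]::GetTempPath().TrimEnd('\')

# Map ThreatID -> ThreatName so each detection can be labelled.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

$report = foreach ($d in Get-MpThreatDetection) {
    foreach ($res in $d.Resources) {
        # Keep only file resources and strip the "file:_" prefix.
        if ($res -notmatch '^file:_(?<path>.+)$') { continue }
        $path = $Matches['path']

        # Keep only DLLs located under the Temp directory.
        if (-not $path.StartsWith($tempRoot, [System.StringComparison]::OrdinalIgnoreCase)) { continue }
        if ([System.IO.Path]::GetExtension($path) -ne '.dll') { continue }

        # Quarantined files are gone from disk, so hash and signature may be empty.
        $exists = Test-Path -LiteralPath $path
        [pscustomobject]@{
            Detected  = $d.InitialDetectionTime
            Threat    = $names[$d.ThreatID]
            Process   = $d.ProcessName
            Path      = $path
            OnDisk    = $exists
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { $null }
        }
    }
}

$report | Sort-Object Detected | Format-List
```

The `Process` column shows which executable Defender associated with each detection, and a `Signature` value of `NotSigned` on the extracted DLLs is relevant to the code-signing question raised in the report.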