
Won't Download. Defender thinks this is a Wacatak.B!ml Trojan virus.

Open ArtisanDejure opened this issue 1 year ago • 51 comments

Here are the details when the file is autodeleted as it is being downloaded. I've tried adding an exception for the UEVR.zip file which doesn't seem to work.

\Downloads\UEVR.zip|https://objects.githubusercontent.com/github-production-release-asset-2e65be/531307134/ace918d1-d42a-4f21-b28c-c4b4a5fdb8c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240106%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240106T154456Z&X-Amz-Expires=300&X-Amz-Signature=cada4e6b52ee7139bbf44ae3330e23045c155be0cdbdb6c0c4992e9d5141eb2d&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=531307134&response-content-disposition=attachment%3B%20filename%3DUEVR.zip&response-content-type=application%2Foctet-stream|pid:3428,ProcessStart:133490294986615592

ArtisanDejure avatar Jan 06 '24 15:01 ArtisanDejure

Similar with BitDefender "UEVR.zip tried to load a malicious resource detected as Gen:Variant.Midie.141938 and was blocked. Your device is safe."

Seems it's also Kaspersky, check https://github.com/praydog/UEVR/issues/17#issuecomment-1874524265

JRDevo avatar Jan 06 '24 17:01 JRDevo

Having same-ish message as well as Chrome is blocking it.

We blocked this dangerous page for your protection: https://objects.githubusercontent.com/github-production-release-asset-2e65be/531307134/ace918d1-d42a-4f21-b28c-c4b4a5fdb8c7?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAVCODYLSA53PQK4ZA%2F20240106%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20240106T222201Z&X-Amz-Expires=300&X-Amz-Signature=84fd3ffbd2b238e01775b3071fedda569f8981553f82924a30cf7e28fa32b138&X-Amz-SignedHeaders=host&actor_id=8917813&key_id=0&repo_id=531307134&response-content-disposition=attachment%3B%20filename%3DUEVR.zip&response-content-type=application%2Foctet-stream Threat name: Gen:Variant.Midie.141938 Dangerous pages attempt to install software that can harm the device, gather personal information or operate without your consent.

Zeltrax avatar Jan 06 '24 22:01 Zeltrax

Same problem on my side of things.

xcrgames avatar Jan 08 '24 21:01 xcrgames

Same with the Microsoft antivirus... What to do?

SaxoFr avatar Jan 08 '24 23:01 SaxoFr

Same issue. Windows Defender sent file UEVRBackend.dll to quarantine. VirusTotal: 12 security vendors and no sandboxes flagged this file as malicious. What is the cause of this issue?

neovinter avatar Jan 11 '24 15:01 neovinter

Downloaded & extracted 1.3 today without issues from Bitdefender.

Can others try?

JRDevo avatar Jan 16 '24 11:01 JRDevo

> Downloaded & extracted 1.3 today without issues from Bitdefender.
>
> Can others try?

Yep all working now for me.

Zeltrax avatar Jan 16 '24 11:01 Zeltrax

> Downloaded & extracted 1.3 today without issues from Bitdefender.
>
> Can others try?

I did, everything is much better now

neovinter avatar Jan 16 '24 13:01 neovinter

I can't download it. Not working here.

Gerion76 avatar Jan 20 '24 16:01 Gerion76

same here :( not working ==> Trojan.GenericKD.7129053

lucalemboure1 avatar Jan 26 '24 08:01 lucalemboure1

Same over here. Using Windows 11; blocked directly by Google Chrome, then when enabling "Insecure origins treated as secure", it downloads but gets flagged right away by Windows Defender: Trojan:Win32/Malagent!MSR

xNepenthe avatar Feb 03 '24 21:02 xNepenthe

Same experience as above. Tried to download just now, but the uevr.zip gets flagged and blocked by Windows Defender (Win11), also Chrome and Edge browsers refuse to download/save it on disc. Defender says it contains Trojan:Win32/Malagent!MSR

mikashki avatar Feb 06 '24 11:02 mikashki

Try the Nightly builds. These are picked up by some vendors but not as many as the main build (yet). It might change as more runtime analysis is performed on them.

praydog avatar Feb 06 '24 12:02 praydog

> Try the Nightly builds. These are picked up by some vendors but not as many as the main build (yet). It might change as more runtime analysis is performed on them.

Unfortunately, also the nightly build uevr.zip gets flagged. Now the zip download succeeded, but unzipping it causes a Windows Defender warning about Trojan:Win32/Wacatac.H!ml in uevrinjector.exe and the .exe is removed from the unzipped folder.

mikashki avatar Feb 06 '24 12:02 mikashki

@JRDevo

> Downloaded & extracted 1.3 today without issues from Bitdefender.

1.3 of UEVR? The latest is beta 1.03

dep avatar Feb 09 '24 13:02 dep

I meant 1.03.

JRDevo avatar Feb 09 '24 13:02 JRDevo

I downloaded it to my MacBook Pro and unzipped it, then transferred it by USB flash memory to a Windows 11 PC. Now I can open UEVR.

hamamichhi avatar Feb 10 '24 12:02 hamamichhi

I also experience the same download and unzipping problems with a fully updated W11 PC.

heiblum avatar Feb 12 '24 13:02 heiblum

Same problem for me with Windows 11. It gets blocked by Microsoft Defender.

hectorC avatar Feb 14 '24 19:02 hectorC

Do we know that this is in fact a false alarm?

iandanforth avatar Feb 23 '24 01:02 iandanforth

I've been trying for the past few releases (including the current one) to download uevr.zip but Windows 11's Defender keeps blocking it, saying there's a Trojan:Win32/Ulthar.A!ml.

I've also tried the previous release and had the same or a similar issue with a virus detected. I'm hesitant to override and install. Can anyone shed some light?

This is on a brand new gaming PC with the latest Windows 11 Professional updates.

toolman11 avatar Mar 03 '24 20:03 toolman11

The latest nightly was flagged by Windows Defender as having Trojan:Win32/Ulthar.A!ml.

DavidCyb avatar Mar 08 '24 05:03 DavidCyb

If many antiviruses report a virus, there is something strange going on. Perhaps there's really a virus! I wouldn't risk the integrity of my system, and especially of my data, for the sake of experimenting with a mod for a videogame. If the author is serious, they will inspect what the issue is and stop blaming people's antivirus programs. Otherwise we must assume there's a virus.

lstrozzi avatar Mar 19 '24 11:03 lstrozzi

image

grayshirk avatar Mar 20 '24 00:03 grayshirk

Well, call me overprotective, but this is the result for the actual release 1.03 beta with VirusTotal: [image]

indiana11011100 avatar Mar 25 '24 08:03 indiana11011100

so every vendor detects something different. Surprised there's room for any functionality at all in the mod, given how many trojans it's packaged with.

It's not hard to build from source if these false positives are unsettling

mrbelowski avatar Mar 25 '24 09:03 mrbelowski

sus

sher1ff avatar Mar 28 '24 23:03 sher1ff

> so every vendor detects something different. Surprised there's room for any functionality at all in the mod, given how many trojans it's packaged with.
>
> It's not hard to build from source if these false positives are unsettling

Well again (VirusTotal), and no, I don't wanna blame anyone. I just have concerns and really appreciate the great work on this tool; I mean, it is extremely great to see things like this are possible! This time the whole asset got about 10 MB smaller (~21 not ~30) and has fewer detections. Of course UEVR probably can have some strange behaviour for AV scans, I guess. It says itself that it injects into VR, however this is really done, and maybe this is suspicious for AV tools. Anyway, my concern is not about the possible detection by e.g. AI scans, but now it is because there are still detections and the quite big suspect difference in file size (just an indication or less graphics ... sure). And forgive me, as I still have concerns I would not compile (not as simple as creating a GitHub account) locally to bypass an AV scan. [image]

Maybe it would be possible to get in contact with some of the AV companies to get a detailed test or better exclusion on their side. This would be just a few e-mails, so not as hard as building the source...

indiana11011100 avatar Apr 02 '24 16:04 indiana11011100

It's smaller because it was an automated build not done by my PC like the last one. It will be this way going forward.

praydog avatar Apr 02 '24 17:04 praydog