Windows Defender flags ADRIFT Runner as malware

dfabulich
Posts: 8
Joined: Mon Oct 29, 2018 5:48 am

Windows Defender flags ADRIFT Runner as malware

Post by dfabulich »

I downloaded http://www.adrift.co/files/ADRIFT5r.zip in Google Chrome, and used it to extract run500.exe. Windows Defender flagged it as malware.
Status: Active
Active threats have not been remediated and are running on your device.

Threat detected: Trojan:Win32/Wacatac.D8!ml
Alert level: Severe
Date: 9/26/2020 11:42 PM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
I see that I'm not the first person to report that the runner gets flagged as malware, viewtopic.php?f=14&t=12652&p=107579&hilit=malware#p107579 but in this case, I don't think Windows Defender is being excessively cautious… it's identified an actual Trojan that matches this file.

I notice that the file is transferred via non-secure HTTP transfer; I can't tell whether the file was modified in transit or whether the file is corrupted on the server side. The MD5 of my copy of run500.exe is 97108dffcca9f20430ef5bc47cad7418.

May I suggest that the ADRIFT releases be uploaded to GitHub as "releases" so that they can be downloaded from GitHub via HTTPS? (I think it would be wise for adrift.co and forum.adrift.co to use HTTPS, but I recognize that this is easier said than done.)
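
Added example, not part of the original post and not ADRIFT project code: the question raised above (does the downloaded copy differ from what the publisher released?) can be answered by hashing each file inside the zip and comparing it against a manifest fetched over an authenticated channel such as HTTPS. The manifest, the file contents and the helper names are constructed assumptions, since the page does not show that ADRIFT publishes such a manifest; SHA-256 is used rather than the MD5 quoted in the post.

```python
import hashlib
import io
import zipfile


def member_digests(zip_bytes):
    """Return {member name: SHA-256 hex} for every file in the archive, without extracting to disk."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            h = hashlib.sha256()
            with zf.open(info) as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[info.filename] = h.hexdigest()
    return digests


def compare_to_manifest(zip_bytes, manifest):
    """Classify each member as ok / mismatch / unexpected, and list manifest entries that are missing."""
    actual = member_digests(zip_bytes)
    report = {"ok": [], "mismatch": [], "unexpected": [], "missing": []}
    for name, digest in sorted(actual.items()):
        if name not in manifest:
            report["unexpected"].append(name)
        elif digest == manifest[name].lower():
            report["ok"].append(name)
        else:
            report["mismatch"].append(name)
    report["missing"] = sorted(set(manifest) - set(actual))
    return report


def build_zip(files):
    """Build a small in-memory zip from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins: these bytes are NOT the real run500.exe.
PUBLISHED = {"run500.exe": b"MZ constructed runner bytes", "readme.txt": b"constructed readme"}
# Hypothetical manifest the publisher would serve over HTTPS or sign.
MANIFEST = {n: hashlib.sha256(d).hexdigest() for n, d in PUBLISHED.items()}

if __name__ == "__main__":
    altered = {**PUBLISHED, "run500.exe": b"MZ constructed runner bytes!"}
    print(compare_to_manifest(build_zip(altered), MANIFEST))
```

A mismatch means the copy differs from the published build; a match alongside a Defender alert means the scanner is flagging the same bytes the publisher released.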
dfabulich
Posts: 8
Joined: Mon Oct 29, 2018 5:48 am

Re: Windows Defender flags ADRIFT Runner as malware

Post by dfabulich »

It complains about ADRIFT5Setup.zip as well.
P/o Prune
Site Admin
Posts: 4671
Joined: Mon Jun 24, 2002 9:18 am
Points: 93
Location: Denmark

Re: Windows Defender flags ADRIFT Runner as malware

Post by P/o Prune »

I have the same message, but my other virus checker doesn't give any warnings.
I believe this is a known problem with Adrift (unfortunately).
D-Day in progress 86Kb (Slowly drifting)
Just a Fairy Tale: 138Kb
Lazzah
Moderator
Posts: 2408
Joined: Thu Mar 31, 2011 5:54 am
Points: 65
Location: Clacton-on-Sea, Essex

Re: Windows Defender flags ADRIFT Runner as malware

Post by Lazzah »

When my Defender flagged up the developer file as a "virus" I just clicked on "Run Anyway" and that cured the problem.
The Axe of Kolt, The Spectre of Castle Coris, The Fortress of Fear, Die Feuerfaust, The Lost Children, Run, Bronwynn, Run, The Call of the Shaman, The Lost Labyrinth of Lazaitch, Magnetic Moon, Starship Quest, Revenge of the Space Pirates
Denk
Posts: 587
Joined: Mon Feb 22, 2016 6:21 pm
Points: 251
Location: Hjørring, Denmark

Re: Windows Defender flags ADRIFT Runner as malware

Post by Denk »

dfabulich wrote: I downloaded http://www.adrift.co/files/ADRIFT5r.zip in Google Chrome, and used it to extract run500.exe. Windows Defender flagged it as malware.

Threat detected: Trojan:Win32/Wacatac.D8!ml
Alert level: Severe
Date: 9/26/2020 11:42 PM
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

I see that I'm not the first person to report that the runner gets flagged as malware, viewtopic.php?f=14&t=12652&p=107579&hilit=malware#p107579 but in this case, I don't think Windows Defender is being excessively cautious… it's identified an actual Trojan that matches this file.
Note that just because Windows Defender names the threat, it can still be a false positive. Actually, I have never seen a false positive, where the anti-virus program doesn't name the threat.

Unfortunately, we are used to false positives in the ADRIFT community. Perhaps because ADRIFT has been widely applied by the Adult IF community and because ADRIFT can generate Windows executable files, which do not require the Runner.

However, if you download version 5.0.35.3 of the Runner, that file has been around for 4 years, so most antivirus programs know it isn't a threat. So hopefully, your antivirus will regard it as safe.

"run-5.0.35.3.exe" can be downloaded here: http://www.adrift.co/files/old/
(please do not confuse with "run-5.0.36.3.exe")
----------------------------------------------------------------------
The Bash Saga:
1. The Dragon Diamond 2. The Way Home 3. Stone of Wisdom
----------------------------------------------------------------------
dfabulich
Posts: 8
Joined: Mon Oct 29, 2018 5:48 am

Re: Windows Defender flags ADRIFT Runner as malware

Post by dfabulich »

It would be cool if Campbell were to submit ADRIFT to the Windows Store. That would fix the false-positive issue.
Campbell
Site Admin
Posts: 4727
Joined: Sun Jun 23, 2002 12:05 pm
Points: 0
Location: Edinburgh, Scotland

Re: Windows Defender flags ADRIFT Runner as malware

Post by Campbell »

dfabulich wrote: It would be cool if Campbell were to submit ADRIFT to the Windows Store. That would fix the false-positive issue.
I didn't know this was a thing. I must be losing touch... :?
ADRIFT Developer developer.