PureBasic Forums - English

I had to create an exception in Windows Security to allow PB to run, it says it has a virus, Trojan:Script/Wacatac.B!ml. Windows called it severe.


// Moved from "Bugs - Windows" to "General Discussion" (Kiffi)

Not with Avira ...

No issue here on Win 10 Pro. Just had to allow it to run from the SmartScreen prompt. My AV is Windows Defender.

Note: My experience is for the Setup.exe and all exe files used by PureBasic. What file is reported as severe for you? Setup.exe? PureBasic.exe? FAsm.exe? PBCompiler.exe?

So does Avira take over for Windows Security and turn it off?

Windows Security said Purebasic.exe had a virus.

If you use a third-party antivirus program, Windows Defender is disabled. If you temporarily disable the protection of a third-party antivirus, the defender will turn on again. That's why using a third-party antivirus program eliminates some problems with Windows Defender.

I did not have this problem when installing 6.10, but ran into this same false positive for PureBasic_Compilation0.exe . Reported by Windows Defender. It first appears in my history list on Dec 29. The quarantined path was C:\Users\PC\AppData\Local\Temp\PureBasic_Compilation0.exe . I was using PB 6.10 beta 1 with 64-bit ASM to test the new date functions and not saving the one-line source code which was Debug FormatDate("%dd/%mm/%yyyy",Date(1951,12,15,0,0,0)).

I also saw on the same day for the same path a false positive for /Sabsik.FL.A!ml .

There are no reports in my Defender history of any false positives for either of these prior to Dec 29.

Today, Jan 1, I picked up another false positive for Wacatac.B!ml in an old program dated 2017 compiled by PB5.51. It is only happening with one of a dozen exe's compiled at the same date with the same version of PB.

I personally do not think this is a bug as such, but may be caused by the large libraries now included in PB compilations. A very small program I have compiled to 9k with PB6.04 but 148k with PB6.10. Hybrid-Analysis reports most of my PB programs as suspicious or infected citing the large number of normal functions contained in the exe, many of which are not used by my source code.

DeanH wrote: Mon Jan 01, 2024 1:20 am ... but may be caused by the large libraries now included in PB compilations.

The problem is mainly caused by poor anti-virus programs. Use an AV program that is less aggressive, e.g. Panda Dome (free).

Dear windows ppl, you are probably loathing me after all the mac sh*t I posted, anyway:

I suspect this can be related to PB's "strange hijacking" of the keyboard… example (mac): option-something would normally produce a weird symbol, but in PB you can set it as shortcut; I witnessed total loss of keyboard just after assigning a shortcut…...

PS: what about https://www.virustotal.com/ ?