Windows reporting Behavior:Win32/DefenseEvasion.A!ml with the latest update

Homepage Forums Technical Support Windows reporting Behavior:Win32/DefenseEvasion.A!ml with the latest update

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
    Posts
  • #204830
    moarveer
    Participant

    I can imagine it’s a false positive, it’s detecting it with this file: C:\Program Files (x86)\Animation Labs\vorpX\vorpConfig.exe .

    #204832
    Ralf
    Keymaster

    As always this is a false positive. Also no problem with the latest Defender definitions as far as I can tell. Neither with the local Defender definitions nor with the cloud service enabled.

    Try a manual Windows update search to get the latest Defender defintions.

    In general it makes sense to exclude the vorpX program folder from AV scanners, typically that’s C:\Program Files (x86)\Animation Labs\vorpX

    #204841
    moarveer
    Participant

    Yeah I’ll try that, even in the defenseevasion description on windows says it’s something that could be malicious, but not that it has actually detected real malware, I just wanted to point it out if it can be of any help.

    #204857
    Eincrou
    Participant

    I just had a much more problematic false positive detection by Windows Defender. It rated the threat as “Severe” and took the step of quarantining vorpConfig.exe.

    Windows Defender: Trojan:Win32/Zpevdo.B

    #204858
    ParadiseDecay
    Participant

    Same here and my Windows Defender deleted VorpX, having to request a NEW copy.

    #204860
    Ralf
    Keymaster

    This shit drives me crazy one day. I even removed the .exe compression from the config app for this release to make false positive detections less likely…

    I’ll submit the sample as false positive to MS ASAP. Hopefully this will be resolved by tomorrow. Until now they always were fairly quick when stuff like this happened. Fingers crossed.

    BTW: No need to reinstall vorpX. You can restore quarantined files in the Defender settings. Afterwards ideally exclude the vorpX program folder from Defender. Typically that would be C:\Program Files (x86)\Animation Labs\vorpX\

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.

Spread the word. Share this post!