Microsoft Defender detects Trojan script on update file of Massive X

NinkSink · March 2023

SAME ISSUE... Windows 10.

Kontakt_7_Installer.zip

and the Massive one and one other that I just plain destroyed without prejudice.

I email some probably useless email that starts with "info"...

Well at least I am not alone in the hospital of Trojan Hell.

LostInFoundation · March 2023

Ok…I give up. You don’t even read what I say. I talk about “just showing up” (maybe saying “don’t install at the moment”, “just wait a couple of days” or literally ANYTHING…) and you comment with “nonsensical ranting” and blaming users making “simple questions”

And…yes there is a difference between the one man selling his app for 20 bucks and the company with “millions of users”…and it is that they collected a lot of money, which should also be used to guarantee the users with a good product and good support. But you think it’s only profit for them, not even responsibility…

Now I know why they act like this: you agree with them and with “how large corporations driven by investors and profit margins work”. So…why should they act differently ?

But…once again: I don’t come to forums to argue with other users, but to help others/find solutions or eventually to send a message to the company if I think they are not acting correctly.

So…you are right. Peace out ✌🏼

JesterMgee · March 2023

https://community.native-instruments.com/discussion/comment/60199#Comment_60199

Calm down there big fella, you will do yourself an injury.

I agree with you in some respects especially on the way some things are handled but was just pointing out with your argument about the little dev that can change the world, it's much easier to make a decision when you do not have to run up the chain of command and ask for resources to do so... There are a lot of things that go on back there that take time, not sayin we have to like it but it's what happens.

If this issue was a case of an actual hijack of the executable and was malicious then you can guarentee it wouold already hvae been pulled and a statement issued, but because it was acknowledged at least 2 weeks ago this is more a case of false positive which is always a possibility and not entirely NI's fault, for all we know there could be some update to the definitions of defender that were never picked up on in testing so it's more a caution.

Now, if discussion about the things you say isn't something you like to engage in, prob best to not open discussions on the internet. Don't always assume a voice in a discussion is someone arguing with or attacking you just because they don't immediately agree with everything you say. No hard feelings :)

Kymeia · March 2023

https://community.native-instruments.com/discussion/comment/60175#Comment_60175

You have it back to front - those updates are what sparked the alerts that were then posted here and NI said they would investigate.

nico5 · March 2023

https://community.native-instruments.com/discussion/comment/60211#Comment_60211

I got an Native Access update triggering the alert on March 25. That's 8 days after after the original report on March 17 and 5 days after the statement that the Installer team was aware of the issue on March 20.

So there were 5 days of "awareness" to either pause the Native Access updates or make a public official statement.

Kaiwan_NI · March 2023

Hi all, thanks for the report. Confirming that the Native Access team is aware of the issue and we're working on a fix. We'll update here again once the issue is fully resolved. Sorry for the inconvenience!

Kymeia · March 2023

Or 5 days to investigate what was going on as the first report was just for one or two releases, but then others came in over those 5 days. I'm sure initially it probably seemed like it was just an anomaly, the issue became worse as other reports came in over those subsequent days. Anyway the problem is still primarily Microsoft's - have they released anything about it? NI support are continuing to post comments on this as we discuss this btw:

https://community.native-instruments.com/discussion/11594/trojan-script-wacatac-on-update-file-of-kontakt-7-detected-by-windows-defender

https://community.native-instruments.com/discussion/11645/massive-x-failed-installation-message#latest

nico5 · March 2023

https://community.native-instruments.com/discussion/comment/60219#Comment_60219

5 days to investigate without either saying "false positive" or pausing updates seems like either a failure of communication or a gamble with users' computers.

And the poor community team is left with the sad task of having to calm users without really saying anything.

Native Instruments can count themselves lucky, that a Mac user is strongly saying there's no problem for Windows users.

I'm genuinely hoping, that this is indeed a false positive by Microsoft's heuristic algorithms, but NI not saying so, is not building my confidence so far.

So I'll be standing by until either I hear something offical from NI or that Windows Defender stops complaining.