Known issue: Windows Defender flagging products as Trojans

So from that I understand that you are not shure if this is a virus or not!

@Hayo_NI

thanks for info, here an info you & your tech-team can need:

it´s NOT an pure Native-Access-Issue, because the same alert is within the IK-Product-Manger from IKM-Italy (and I don´t think that you´ve given them the NA-Code ;) )

there is a little chance, that you and they got the same attack, but for logical would be an MS-problem

regards from Germany

The Sarge!

I'm not even seeing the latest Massive X 1.4.3 update here in Native Access 1, on Windows 10.

Do I need to update to Native Access 2 to get current updates?

same here, so what to do now?

This is the kind of post I've been waiting for, because

"... we've scanned our product installers and we're convinced there's no malware or virus in them"

• explains why you haven't paused the Native Access updates distribution

"Seems like it's a Windows thing but we still have some angles we're investigating."

• explains why you haven't simply called it a false positive, and why you've not yet said what made it happen.

"We're also trying to find a good workaround but the ones we found are inconvenient thus far."

• explains why there's no official solution so far.

So thank you for this informative post! 👍️

And a small additional note:

Since Defender actually flags the product specific installer packages, and not Native Access, many individuals (including me) have been searching and posting in the appropriate product specific sub-forum/category, rather than the NATIVE ACCESS category.

For example in my case, I clicked the Install All button, and the installers for Komplete Kontrol and Massive X completed successfully, but then the Maschine 2 installer threw the error. So my natural instinct did not associate the issue with something common to Native Access, but with something rather specific to Maschine. And so I only looked in the Maschine forum without realizing that this issue was also happening on other installers for some other users.

So to make life easier for your users, it might be great, if you made this thread (and relevant followups) also visible in the each of the affected individual product categories. Or if that's not possible, maybe have a sticky post pointing to this thread in each relevant product category.

Thanks again!

Thanks for your kind reply @Hayo_NI

Just as an update to how things have evolved on my particular system - AMD Ryzen 7900x, Win 10H2 (OS Build Build 19045.2673):

• up to and including yesterday, Microsoft Defender flagged and quarantined the Machine 2 installation via Native Access, and Native Access' installation failed
• today (maybe after another Defender definitions update - or just by chance), Defender still flagged and quarantined the installation zip file, but interestingly enough, the installation of the Maschine 2 update went ahead and apparently succeeded. (This is consistent with one or two other users' experience I've read over the last couple of days). One explanation might be that on a modern multi-core and multi-thread system there's a racing condition between the anti-virus and the de-compression and sometimes one happens first and sometimes the other. This could make a difference if the .zip file does trigger Microsoft Defender's flagging, while the extracted .exe file does not. -- So I continued to confirm or deny that theory:
• I retrieved the quarantined zip file and extracted it via 7zip to a separate folder.
• Then I ran the extracted Maschine 2 2.17.0 Setup PC.exe through a manual Microsoft Defender scan. It returned: 0 threats found and 3368 files scanned. -- ahhh - the installer does look clean!
• And just while I was at it, I also decompressed the .exe file (also using 7zip) and initiated yet another Microsoft Defender scan on the resulting folder. It returned 0 threats found and 2780 files scanned. Fewer files presumably because I have a number of extensions like .png files excluded from scanning. - it confirms that all of the now fully decompress installer files are deemed clean.
• Then I compressed the previously decompressed .exe file again (using 7zip "normal" compression) and initiated a Microsoft Defender scan on the resulting zip file. It returned 0 threats found and 3369 files scanned. Presumably the extra file is the zip file itself. -- this seems to further confirm that the problem might be a the final compression to zip with very specific parameters causes the flagging, while other compression parameters do not.
• Then I compressed the .exe file again, but with the regular Windows compression via right clicking on the file and initiated a Microsoft Defender scan on the resulting zip file. It also returned 0 threats found and 3369 files scanned. Again, presumably the extra file is the zip file itself. -- More strengthening of evidence that it's just the parameters of the final compression algorithm ends up generating something in the final .zip file that trigger Defender's flagging.

So to me it looks like something the the final compression to zip creates a string that sets off Defender's alert. But the .exe and the files it includes are deemed entirely clean. -- So now I'm satisfied enough that indeed this is a false alarm by Microsoft Defender.

Just as a final test, I ran another scan on my system after the successful install of the Maschine update and the scan came back entirely clean. -- So now I truly share your evaluation that the installer is just fine.

Of course, this may all be already obvious to you and the technical team working on this.

However, I still documented my findings and thinking here, since it may help other readers of this thread to come to their own conclusion or even run a similar sequence of tests on their own system.

I generally try to explain how I came to a conclusion, rather than saying "everything is fine" or being silent for too long. I just think it makes it easier for readers to follow along and maintain trust.