Known issue: Windows Defender flagging products as Trojans



  • Raikro Scorp
    Raikro Scorp Member Posts: 23 Helper

    Dear @Hayo_NI,

    Just wanted to let you know that I have been able to update Maschine Software after installing windows update KB5023773 tonight.

    Regarding Massive X, it has given me a new error this time: Trojan:Script/Sabsik.FL.B!ml

    Thanks for your cooperation.

    Best regards from Barcelona,

  • Vladyk _Dj
    Vladyk _Dj Member Posts: 100 Helper
    edited March 29

    It just happened in this archive a combination of a code, a sequence of numbers and letters with a code in antivirus databases which is added, or it's not a virus at all, it's just that the Microsoft antivirus analyst secretly considered this code to be a virus, and the programmers made an antivirus database based on it.That their technology has found on the network, then the onus is on the antivirus analyst, he studies and checks these codes, makes sure that it is a virus, then sends this data to the programmers, and they create antivirus databases according to those data.where known viruses are sent to an antivirus analyst for research, and some viruses are not known, their technology searches for new viruses automatically on the Internet and throws the found codes into a folder.

  • Hayo_NI
    Hayo_NI Product Team Posts: 211 mod

    Hey all, a final update on the matter:

    • It's a Windows Defender issue. We can assure you our installers are safe, and that the flags are false positives. We're noticing a decreasing trend of users getting affected and will continue to do research, but it seems as though keeping up to date with the latest version of Windows Defender should solve the problem.
    • If you still prefer to manually install them, know the workaround our customer support team will give you is not 100% reliable, but feel free to reach out to them here.
    • Native Access 2 recently released its 3.2.1 update. This hotfix does NOT address any antivirus issues. Just wanted to clarify that.

    This will be my last update on this matter for now. Should anything come up I'll make sure to update this thread again, but for now, keep your Windows Defender up to date.

    Thank you all for bearing with us! We really appreciate your patience on the matter!

  • Andrew Koenig
    Andrew Koenig Member Posts: 12 Member
    edited March 29

    I just updated Windows Defender and the problem hasn't gone away. Moreover, it now extends to a newly presented update to Sonic Couture Glassworks..

  • danimusicos
    danimusicos Member Posts: 1 Newcomer

    salut moi c'est en mettant à jour kontakt 7 que defender bloque en signalant un trojan :script/wacatac.htm. j'ai autorisé, j'espère que native ne se plante pas !

  • Vladyk _Dj
    Vladyk _Dj Member Posts: 100 Helper
    edited March 29

    Try to download installers in Native Access without an archive,Windows Defender blocks only the archive when the installer is in the archive and temp files, temporary files that the installer creates at startup. But the archive archives the data, compresses the data, changes may occur in the code, here the antivirus may mistakenly block this file, consider it not security, these changes, because the archiver determines the general code of the installer and its size, begins to compress this installer so that it takes up less space, and the structure is already changing, because changes have been made, the size has changed, when you unzip the file, this structure and the size of the file that was at the time of default is returned. And it blocks temporary files, because the antivirus is built in such a way that all files from the temp folder are blocked and deleted, because they may contain viruses.

  • Vladyk _Dj
    Vladyk _Dj Member Posts: 100 Helper

    If without an archive it will block Windows Defender, then during the download changes are made to the general code of the installer, then it is necessary to figure it out on the server.

  • wetdentist
    wetdentist Member Posts: 13 Member
    edited March 29

    i just can't believe that this hasn't all been sorted out yet. last night, i tried updating Massive X again & had the problem again (i think this was the 5th or 6th time i was prevented from updating NI software in the last few days). the problem is still very real. but at least the buck has been passed over to Microsoft, who I am sure will be very motivated to fix it! SMH

  • chk071
    chk071 Member Posts: 298 Pro

    I was able to install the latest Massive X update now, after updating the virus definitions of Defender. This is the version which is installed here:

  • Hayo_NI
    Hayo_NI Product Team Posts: 211 mod

    @Vladyk _Dj Behind the scenes our teams are working on turning to Slim content installers, but it's a different install method that our teams need to support. We also have a large catalog of products each with their own file structure and product type, so it's not so easy to mass migrate. We have a few products that work with this technology out there and we're preparing the rest. Hopefully in the future it'll solve the issue altogether, but this is not something that's done in a week.

  • Andrew Koenig
    Andrew Koenig Member Posts: 12 Member

    Still failing on the most recent Kontakt 7 update.

  • Daru925
    Daru925 Member Posts: 6 Newcomer
    edited March 30

    Tried to update again today with newest defender and it still continues to flag massive X 1.4.3 and now the newest Kontakt 7.2.0 updates too as wacatac.h!ml trojan.

    Not a biggie, the old versions work. I'll try again later.

  • The Sarge
    The Sarge Member Posts: 83 Helper

    get an email very late (nearly midnight in Italy o.O ) from IKM, so they worked on the thing too and can confirm for their product: it´s false positive and I can disregard it.

    so let´s sit & wait for MS-Defender-fix

  • Kubrak
    Kubrak Member Posts: 2,579 Expert
    edited March 30

    Win 10 Home. NA2 has installed Massive X successfully.

    Installation of Kontakt 7 Player has failed.... No real problem for me....

  • Thalys
    Thalys Member Posts: 1 Newcomer

    As it is confirmed to be a "false positive" you can always temporarily disable Windows Defender online protection to perform the installation/update or wait for a Microsoft fix.

Back To Top