After I downloaded NetScanner version 8.2.3 from the official download page, our Microsoft Defender with a paid licence began telling us that the netscan.exe file is infected with the Wacatac trojan.
When I checked the file in VirusTotal, only ESET said it's a virus. Microsoft and all other antivirus vendors were OK. I am aware that ESET is unreliable, but I am concerned about Windows Defender.
Then I asked my colleague to check the file on his computer. His Windows Defender showed "Win32/Wacatac" trojan, and Sophos AV also flagged the file.
Unfortunately we cannot add NetScanner to exclusions/whitelist because Windows Defender is blocking it.
Windows Defender says there is "Wacatac" trojan
Started by Daniel
Daniel
Windows Defender says there is "Wacatac" trojan 26 January 2025, 13:23
Windows Defender says there is "Wacatac" trojan - False Positive 26 January 2025, 13:34
Admin Registered: 11 years ago Posts: 1 038
We understand your concern, and we want to assure you that this is a known issue referred to as a "false positive". False positives occur when antivirus software incorrectly flags a legitimate application as malicious. This can happen to any application, not just our products.
The detection by Windows Defender as "Wacatac" is due to the limitations of machine learning algorithms used by some antivirus programs. If you search online for "Win32/Wacatac" or "Script/Wacatac", you will see that it is frequently associated with false positives.
Network scanning tools often get flagged because they have capabilities that can be misinterpreted by antivirus software. Terms such as "NetScanner", "NetScan", "NetTool", "Hacktool", "Unwanted", "PUA", "Potentially Unsafe", "Riskware" or even "Trojan" are commonly used in these cases. However, these tools are instead designed to assist network administrators in maintaining secure and efficient networks. Their purpose is to help network administrators to discover and remove network vulnerabilities before any malicious actor can exploit them.
We recommend submitting the netscan.exe file to Microsoft as a false positive detection. This can help improve their detection algorithms and prevent similar issues in the future. Once Microsoft fix their erroneous detection, they should remove the file block as well.
John17
Problem with Windows Defender: false positive detection of "Wacatac" trojan 14 May 2025, 00:22
Re: Problem with Windows Defender: false positive detection of "Wacatac" trojan 14 May 2025, 07:16
Admin Registered: 19 years ago Posts: 3 644
We regularly work with antivirus vendors to reduce false positives. Our installer and application are fully transparent. There is no encrypted code, and all files are digitally signed with an EV certificate, offering the highest level of publisher verification available.
Unfortunately, some antivirus engines still flag it due to behavioural heuristics, as it includes functions like port scanning and device probing - features often misinterpreted as malicious.
If you have a specific suggestion on how to better align with security policies without removing core functionality, we will be glad to hear it. Obviously, we cannot simply remove the essential network-scanning features from the Network Scanner installer, even if some antivirus engines don't like them.
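The replies above rest on two checkable claims: that the files are digitally signed, and that Defender's verdict is a heuristic one. The following is an added example, not part of the thread and not the vendor's tooling, that records the evidence an administrator would collect before submitting a false-positive report or approving an exclusion. The download path and the expected publisher name are placeholders (assumptions), and a valid signature only shows the file is unmodified since that publisher signed it, not that it is harmless.

```powershell
# Added example. $Path and $ExpectedPublisher are placeholders to fill in;
# neither value comes from the thread.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\netscan.exe",
    [string]$ExpectedPublisher = '<PUBLISHER-NAME-FROM-VENDOR-SITE>'
)

function Get-BinaryTrustReport {
    param([string]$Path, [string]$ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Defender may already have quarantined or blocked the download.
        throw "File not found (possibly quarantined): $Path"
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    $cert = $sig.SignerCertificate
    $name = if ($cert) { $cert.GetNameInfo('SimpleName', $false) } else { $null }

    [pscustomobject]@{
        SHA256           = $hash.Hash    # compare with the hash shown on VirusTotal
        SignatureStatus  = $sig.Status   # 'Valid' = intact and chains to a trusted root
        SignerName       = $name
        Thumbprint       = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped      = [bool]$sig.TimeStamperCertificate
        PublisherMatches = ($name -eq $ExpectedPublisher)
    }
}

function Get-DefenderDetectionsFor {
    param([string]$Path)
    # Defender stores detected resources as strings containing the file path.
    $leaf = [regex]::Escape((Split-Path -Path $Path -Leaf))
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match $leaf } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                ThreatName = $threat.ThreatName
                Resources  = $_.Resources -join '; '
            }
        }
}

try { Get-BinaryTrustReport -Path $Path -ExpectedPublisher $ExpectedPublisher | Format-List }
catch { Write-Warning $_.Exception.Message }
Get-DefenderDetectionsFor -Path $Path | Format-List
```

A status other than `Valid`, a publisher mismatch, or a SHA256 that differs from the one checked on VirusTotal means the file on disk is not the one the vendor describes, and it should not be excluded.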