Windows Defender now has WeMod marked as a trojan

Is this just a false positive or are you guys just sneakily throwing in some malicious things into the software now that it has a lot of users?

It is just a false positive. When did it appear? Can you post a screenshot of the detection?

you guys gotta get it whitelisted if it is a false positive.
i’ll be using just regular ass cheat engine until it’s fixed, i’m not adding any exclusions.

Frank submitted the review to MS earlier.

They removed the false positive. Running Windows update should do the trick. If not, try again in a day or so. Thanks for reporting!

1 Like

Updated Windows Defender Signatures today (see uploaded Screenshot, sorry for the german language). Zwischenablage01

Defender still blocks wemod installation (Screenshot in follow up reply because as new user I can only post one image here :roll_eyes:)

So either Microsoft has not removed the false positive yet or they have a valid reason to declarate wemod as a trojan.

Whitelisting wemod is not an option. Any whitelisting lowers security, so I won’t use wemod until defender says it is safe.

1 Like

Screenshot of the defender alert: Zwischenablage01

It seems like the detection is back. WeMod adds data to the end of the setup file to tell the app which game to open on startup and which channel to install (stable/beta). This makes every installer slightly different. This was never an issue till now.

1 Like

I submitted another false positive claim to Microsoft explaining how our installer works. Hopefully they actually read it and implement a real fix…

1 Like

Windows Defender uses heuristics (like most modern malware detection engines) and machine learning mechanisms in the cloud, similar to Office 365 defender ATP. This security mechanism makes Windows Defender a very powerful and reliable anti malware platform. If you’re using techniques that are normally used by malware like adding data to an executable, even if you do not use these techniques to do any harm to the users PC, defender will declarate your executable as malware. I am not sure if Microsoft can whitelist your app and I am also not sure if they’re willing to do this, as this may be a potential security breach for real malware. You should therefore consider implementing your software a different way. There is no need for legal software to use techniques normally used in malware. Oh and btw. I know what I speak of as I am a professional software developer myself.


We’ll have to see what they say. We’ve been using the same technique for years, and it has only become an issue after signing the installer with a new certificate last week (company name change). Our old company name had ten years of trust behind it.

Edit: Seems to be fixed now. Please try again!

It works, defender does no longer alert.

1 Like

I still have problems. I have downloaded the newest update of windows, but it still says is a trojan:dgh

Make sure you defender signature library is up-to-date.

oh thanks! worked!

So i had a very similar problem but by deactivating my Windows Defender it worked…well until it didnt anymore now when i wanna download it stp3 this comes and i am not a pc guys so i have no clue what do to now :s

Any chance you can open the setup log and share it here? :slight_smile:

Okay i was about to do it buuut…i dont know what happened but it worked somehow…and its working now i have no clue why its working all of a sudden xd

Hello, it seems that with the 5/5 update, Wemod is back to being listed as a Trojan.

@deafcadet, welcome to the community. :slight_smile:

What antivirus are you using, please?

If you are using Windows Defender - make sure your signature library is up to date. Click here for a link to a Microsoft support page which should help: