Windows Defender now has WeMod marked as a trojan

Screenshot of the Defender alert: (image: Zwischenablage01)

It seems like the detection is back. WeMod adds data to the end of the setup file to tell the app which game to open on startup and which channel to install (stable/beta). This makes every installer slightly different. This was never an issue till now.

1 Like
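The effect described in the post above (per-download data appended to the end of the setup file, so every installer is slightly different), as an added Python example that is not WeMod's code: it splits a PE file at the end of its last section and hashes the two parts separately. The sample PE, the trailer contents and the function names are constructed for illustration; the page does not describe the real trailer format.

```python
import hashlib
import struct

def overlay_offset(data: bytes) -> int:
    """File offset where the last section's raw data ends (start of appended data)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                               # first section header
    end = table + 40 * n_sections                                # headers always count
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each 40-byte header.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    # Malformed headers can point past EOF; clamp so slicing stays meaningful.
    return min(end, len(data))

def fingerprint(data: bytes) -> dict:
    """Hash the whole file and the section-backed image separately."""
    cut = overlay_offset(data)
    # Note: in a signed file the Authenticode certificate table also lies past `cut`.
    return {
        "file_sha256": hashlib.sha256(data).hexdigest(),
        "image_sha256": hashlib.sha256(data[:cut]).hexdigest(),
        "overlay": data[cut:],
    }

def build_sample_pe() -> bytes:
    """Constructed minimal PE: headers plus one 16-byte .text section, no overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    text = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 128,
                       0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + text + b"\xC3" * 16

BASE = build_sample_pe()
# Constructed trailers standing in for per-download data (format is hypothetical).
A = fingerprint(BASE + b'{"channel":"stable","game":"sample-1"}')
B = fingerprint(BASE + b'{"channel":"beta","game":"sample-2"}')

if __name__ == "__main__":
    print("same image:", A["image_sha256"] == B["image_sha256"])
    print("same file: ", A["file_sha256"] == B["file_sha256"])
```

Any reputation list or allowlist keyed on the whole-file hash treats each such download as a distinct file, even though the executable image is byte-for-byte the same.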

I submitted another false positive claim to Microsoft explaining how our installer works. Hopefully they actually read it and implement a real fix…

1 Like

Windows Defender uses heuristics (like most modern malware detection engines) and machine learning mechanisms in the cloud, similar to Office 365 Defender ATP. This security mechanism makes Windows Defender a very powerful and reliable anti-malware platform. If you’re using techniques that are normally used by malware, like adding data to an executable, even if you do not use these techniques to do any harm to the user’s PC, Defender will declare your executable as malware. I am not sure if Microsoft can whitelist your app and I am also not sure if they’re willing to do this, as this may be a potential security breach for real malware. You should therefore consider implementing your software a different way. There is no need for legal software to use techniques normally used in malware. Oh and btw, I know what I speak of as I am a professional software developer myself.

2 Likes

We’ll have to see what they say. We’ve been using the same technique for years, and it has only become an issue after signing the installer with a new certificate last week (company name change). Our old company name had ten years of trust behind it.

Edit: Seems to be fixed now. Please try again!

It works, Defender no longer alerts.

1 Like

Hi!
I still have problems. I have downloaded the newest update of Windows, but it still says it is a trojan:dgh

Make sure your Defender signature library is up-to-date.

oh thanks! worked!

So I had a very similar problem, but by deactivating my Windows Defender it worked… well, until it didn't anymore. Now when I wanna download it stp3 this comes, and I am not a PC guy so I have no clue what to do now :s

Any chance you can open the setup log and share it here? :slight_smile:

Okay, I was about to do it buuut… I don't know what happened but it worked somehow… and it's working now. I have no clue why it's working all of a sudden xd

Hello, it seems that with the 5/5 update, WeMod is back to being listed as a Trojan.

@deafcadet, welcome to the community. :slight_smile:

What antivirus are you using, please?

If you are using Windows Defender - make sure your signature library is up to date. Click here for a link to a Microsoft support page which should help: https://support.microsoft.com/en-us/help/4027712/windows-10-update-windows-security-signatures

I just had Defender say it's a trojan, and yes, my Defender IS up to date

It doesn’t matter whether your Windows Defender is up to date or not. It matters that your signature library is up to date; the two are different things.

Follow the link in the post given above for instructions on updating the signature library.

And then the admins delete a post of a person exposing what is going on, and instead of replying to it explaining why you need to run those commands, you censor what he said.
Losing all of my trust in you guys instantly.

Both are up to date -_-

The user who made that post copied and pasted commands and URLs from the first Google result of the virus name.

https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/Trojan.PS1.LUDICROUZ.A

Completely unrelated to the WeMod installer.

We have a Pro subscription service. There’s no benefit for us to put a virus in the app. If you disassemble/decompile the installer, you can see that all it does is download the larger setup file, run it, then run WeMod.

I’m closing this topic because we are aware of the false detections from Windows Defender and are actively working on fixing it.

3 Likes