
False Virus Flagging

Hey everyone,


just wanted to write this because I've been noticing an increase in false positives for viruses in some of my mod files. I noticed that it's not just mods; if I package a zip archive of just images, it's been getting flagged as a virus as well.


TL;DR: My files don't have viruses, guaranteed. If you're being prevented from downloading and installing the mod, please temporarily disable your anti-virus but don't forget to RE-ENABLE once you have the mod downloaded. In addition, I won't be re-uploading files to fix a "ghost" issue. Re-uploading takes A LOT of my time because my re-upload speeds are bad and I have to re-upload for MediaFire, Google Drive, and MEGA.


You are free to use any external program to scan and verify that the file is clean, by the way.
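For the image-only zip case mentioned above, one way to check an archive yourself is sketched here as an added example (it is not part of the original post and not the author's tooling): it reads each entry without extracting it, reports any entry whose content is not a recognised image format, and returns the archive's SHA-256 so the exact file that was checked can be identified. The function names and the sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Leading "magic" bytes of common image formats (WebP is handled separately).
IMAGE_MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff", "gif": b"GIF8"}

def sniff_image(head):
    """Return the image type suggested by the first bytes, or None."""
    for kind, magic in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":
        return "webp"
    return None

def triage_zip(data):
    """Return (sha256_hex, [(entry, reason), ...]) listing non-image entries."""
    # Entries are read in memory; nothing is extracted to disk or executed.
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set: entry is encrypted
                findings.append((info.filename, "encrypted, content not checked"))
                continue
            with zf.open(info) as fh:
                head = fh.read(16)
            if sniff_image(head) is None:
                findings.append((info.filename, "not a known image format"))
    return hashlib.sha256(data).hexdigest(), findings

def build_sample():
    """Constructed sample: two image entries and one mislabelled text entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("textures/outfit.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        zf.writestr("textures/icon.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32)
        zf.writestr("readme.png", b"plain text, not an image\r\n")
    return buf.getvalue()

if __name__ == "__main__":
    digest, findings = triage_zip(build_sample())
    print(digest)
    print(findings)
```

For a real download, pass the file's bytes (for example `open(path, "rb").read()`) to `triage_zip`; an empty findings list means every entry starts with a known image signature.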


As an explanation (credit to Sun Rider for the information), Windows Defender has been struggling to correctly identify false positives, especially with zipped files. Windows Defender uses machine learning to detect threats, and it does this by looking for patterns in data. If you change it even a little, then Windows Defender may not be able to recognize it as the same software anymore. This is because the patterns in the data have changed. As a result, Windows Defender may flag the zipped software as a threat, even if it is not actually a threat. This is known as a false positive. If you receive a "Trojan:Script/Wacatac.H!ml" alert, it is likely due to Windows Defender not being able to recognize the compressed file. Compressed files can change the patterns in the data that Windows Defender uses to detect threats.


I've been hearing about other authors having the same issue. Not sure if it's something that will eventually be fixed by Microsoft, but it looks like someone has already submitted a ticket explaining the issue and even submitted their own mod to see why it's being flagged.


Anyway, I just wanted to quickly write this post to ease some of the concerns for the people that were getting the virus alerts for my mod. Feel safe to download them.


5 Comments



There is a virus that is attracted to SunJeong.


Victor Miles
Oct 23, 2023

Seeing that you closed commissions, I am really glad I got that kuun one done.


Rainnifer
Oct 23, 2023

Yes, this has been a problem that plagues various other modders as well. I come across it quite a few times, as I like to collect all the various outfit mods people create.


It is indeed a false positive, and what you (the users/downloaders) can do is temporarily disable the anti-virus to download it; then you can extract the mod and delete the original zip. Then zip the mod up into a new one. This will freshly fix the zip so it won't be flagged anymore when you re-enable your anti-virus.


Sun Rider
Oct 16, 2023

Recently this situation has become very annoying for you. Users have no idea how tired you are of that. This blog may be helpful. Every time, you have to unnecessarily repackage the same file and upload the same file again because of this problem. "The same file" is the key word here. Total waste of time. Hope the problem will be solved soon.


Users can download the mods with no worries. If the detection ID ends in "ML" (as in this case: Wacatac.H!ml), it means that it was detected by machine learning. False positives are common in ML detections, especially with Defender. My suggestion is that they should disable Windows Defender, then download mods. If they want, they can always scan the files themselves…



SunJeong
Oct 16, 2023

Apart from re-uploading, if there is anything I can do to maybe solve this, feel free to let me know. Seems to be hit or miss with the mods and it's kinda random from what I've seen.
