Windows Defender false positives

Update 3: Finding more instances of similar issues: https://www.reddit.com/r/WindowsHelp/comments/123djku/windows_defender_finding_trojans_in_my_own_zip/

Update 2: It seems that the new file that was working ok for me still gets flagged for at least one person, so I created a newer one on my phone, which didn't get flagged anymore. I updated the link in the original v0.7.0 post to this latest file. I'd be grateful if you could let me know if this one still causes issues for anyone (please post a comment if you get any reaction from Defender). If not, I'll stick to using my phone from now on for creating the distribution .zip file (or change the format to .7z)

Update 1: I was able to find what triggers Defender after, on a whim, trying a different compression level on the file. Seems Ultra compression that's offered by 7Zip is something that Defender doesn't like at all. If I compress it using e.g. Maximum, or Normal, or if I use the Windows compress utility in Explorer, then Defender calms down. Lesson learned, will only use that from now on.

Leaving the older part of the post up for transparency:

Something to be aware of. This has happened a few times in the past, and it seems it pops up occasionally, so I'd like to address it.

This is about Windows Defender randomly identifying the game as a trojan, or some other kind of malware. Previous reports mentioned Trojan:Script/Sabsik.FL.A!ml.

I am running Windows Defender on my own machine, where I code and build the releases, and I scan it regularly. I have repeatedly scanned the downloads for potential threats, including online, and I have found none. I do take things like this seriously.

I was able to reproduce the Windows Defender warning myself once, with the same file that I first scanned, then uploaded to Mega, and downloaded again immediately after. In the downloaded instance Windows Defender screamed bloody murder. I scanned the file using an online antivirus, with the file turning out clean. It was also identical to the source file. That one Windows Defender was a-ok with. Then I deleted and re-downloaded the file, and magically the warning went away.

I then started investigating the random nature of this detection, and I found out that the !ml at the end of the malware signature seems to mean that in these cases the identification happens using machine learning, which for simplification reasons means it relies on an AI to detect the threat.

See for example: https://learn.microsoft.com/en-us/answers/questions/4035275/windows-defender-win32-wacatac-b-ml-false-positive or https://developercommunity.visualstudio.com/t/Trojan-Warning-on-own-Software/10602751

It also happens for some people, and not for others. If this were a real threat, it would be identified consistently and generally by all users downloading this file. People would be up in arms, and for good reason.
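Two of the checks described in this post can be scripted so they are repeatable for every release: hashing the archive on the build machine and again after downloading it to confirm the copy is byte-identical (the "identical to the source file" check above), and recording how each member of the archive was compressed. The script below is an added example, not the author's or the game's own code. It assumes a .zip archive (Python's zipfile module cannot read .7z), uses SHA-256 for the comparison, and the deflate level it picks for the constructed sample is only an assumption for the demo; zip deflate levels do not correspond to 7-Zip's Normal/Maximum/Ultra presets.

```python
"""Release-integrity helper (added example, not the post author's code).

Two checks from the post, automated: (1) hash the distribution archive on the
build machine and again after downloading it, to confirm the copy is
byte-identical; (2) list each member's compression method and ratio so the
release notes can record how the archive was built. Assumes a .zip archive;
Python's zipfile module cannot read .7z.
"""
import hashlib
import os
import shutil
import tempfile
import zipfile

METHOD_NAMES = {
    zipfile.ZIP_STORED: "stored",
    zipfile.ZIP_DEFLATED: "deflate",
    zipfile.ZIP_BZIP2: "bzip2",
    zipfile.ZIP_LZMA: "lzma",
}


def sha256_of_file(path, chunk_size=1 << 20):
    """Hex SHA-256 of a file, streamed in chunks so large archives fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(source_path, downloaded_path):
    """True when the downloaded copy is byte-identical to the uploaded original."""
    return sha256_of_file(source_path) == sha256_of_file(downloaded_path)


def archive_report(path):
    """Hash the archive and describe each member (name, method, size, ratio)."""
    members = []
    with zipfile.ZipFile(path) as zf:
        bad = zf.testzip()  # CRC-checks every member; returns the first bad name
        if bad is not None:
            raise ValueError(f"corrupt member in archive: {bad}")
        for info in zf.infolist():
            ratio = info.compress_size / info.file_size if info.file_size else 1.0
            members.append({
                "name": info.filename,
                "method": METHOD_NAMES.get(info.compress_type, str(info.compress_type)),
                "size": info.file_size,
                "ratio": round(ratio, 3),
            })
    return {"sha256": sha256_of_file(path), "members": members}


def build_sample_archive(directory, level=9):
    """Constructed sample: a tiny 'game' archive written with deflate at `level`.

    Assumption for the demo only: zip deflate levels 1-9 are not 7-Zip's
    Normal/Maximum/Ultra presets.
    """
    path = os.path.join(directory, "game.zip")
    with zipfile.ZipFile(path, "w", compression=zipfile.ZIP_DEFLATED,
                         compresslevel=level) as zf:
        zf.writestr("game/readme.txt", "constructed sample readme\n" * 50)
        zf.writestr("game/data.bin", bytes(range(256)) * 64)
    return path


def simulate_roundtrip(tamper=False):
    """Build the sample, 'download' it by copying, optionally corrupt one byte,
    and return (hashes_match, report of the downloaded copy before tampering)."""
    with tempfile.TemporaryDirectory() as tmp:
        built = build_sample_archive(tmp)
        downloaded = os.path.join(tmp, "downloaded.zip")
        shutil.copyfile(built, downloaded)
        report = archive_report(downloaded)
        if tamper:
            with open(downloaded, "r+b") as f:
                f.seek(0)
                f.write(b"X")  # overwrite the first byte of the local file header
        return verify_download(built, downloaded), report


if __name__ == "__main__":
    ok, report = simulate_roundtrip()
    print("download identical to source:", ok)
    print("sha256:", report["sha256"])
    for m in report["members"]:
        print(f"  {m['name']:<18} {m['method']:<8} {m['size']:>6} bytes ratio={m['ratio']}")
    print("tampered copy detected:", not simulate_roundtrip(tamper=True)[0])
```

In practice you would run `sha256_of_file` on the archive before uploading, publish the digest next to the download link, and have users (or yourself, after re-downloading) compare against it; a mismatch means the bytes changed in transit or on the host, while a match with a Defender warning points at the scanner's verdict on the archive itself, which is what the compression-level finding above describes.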

Comments

Yeah I did a bit more digging. It's nothing to do with Mega, and the file does not change between uploads and downloads. It's actually whenever I turn on ultra zip compression in 7Zip. If I compress the game using the Windows compress, or even still in 7Zip but with anything lower than ultra, Defender calms down. Therefore I have now replaced the file with one that's slightly larger, but doesn't cause Defender to throw a tantrum.

Andrei D

Thanks for checking this. It is reassuring, to some degree, to know that it's a false positive, though it's also concerning that Windows Defender is inconsistent with its detecting. The only other avenue I'd check, if you haven't already, is any kind of possible corruption happening on Mega's side. I remember a major file distributing site a couple years back, though I can't remember which one, had much of their hosted content infected with malware, so it's not completely out of the realm of possibility that something is happening on their end.

Alexander Winn
