Windows Defender detects Trojan in 3.7.8

I tried to download 3.7.8 earlier today (64 bit Windows version) and Windows Defender finds a trojan called Win32/Caynamer.A!ml and prevents it from running. Is this a known issue?

Indeed–antivirus false positives and Windows Defender woes are so common that most of the Troubleshooting topic is devoted to them.

1 Like

I got the same Windows Defender message. This is the first time I’ve ever had Defender find something in a downloaded file. The troubleshooting topic is mostly about Defender putting up the generic warning, not that it’s actually found something. Can anyone else confirm that this is indeed a false positive?

You can confirm that this is a false positive:

We don’t publish releases containing malware or viruses, so the task is to check if you actually have the file we published.

We publish the SHA256 hashes of the release packages along with every release. On the release page, you can see the file containing the hashes:

Compare the expected hash (listed in the file) with the actual hash of the file you downloaded. If they match, then you have downloaded what we uploaded. If the hashes do not match, you do not have what we uploaded, and you should not try installing that file—it’s either corrupt or has been tampered with.

If you need something which will compute the SHA256 hash of a file, you could try VirusTotal, which is a tracker for suspicious files, malware, etc.

When I upload VASSAL-3.7.8-windows-x86_64.exe to VirusTotal, I see this:

The string of digits and letters is the SHA256 hash of the VASSAL-3.7.8-windows-x86_64.exe file. If you check the hash VirusTotal computed against the hash we published, you’ll see they’re the same.

I encourage you to check the hash if you suspect you have a bad download.

Additionally, please report false positives to your anti-virus vendor. The only people who are in a position to make these reports are the people experiencing the false positives. It’s the only influence we have for stopping false positives.

1 Like
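The hash comparison described in the post above can also be done locally in PowerShell instead of uploading the file. This is an added example, not part of the original thread or the project's own tooling; the function name `Test-PublishedHash`, the demo file names, and the sha256sum-style layout of the hash list (`<64 hex chars>  <file name>`) are assumptions.

```powershell
# Added example: verify a download against a saved copy of a published SHA256 list.
# Assumption: each line of the list is "<64 hex chars>  <file name>" (sha256sum style).
function Test-PublishedHash {
    param(
        [Parameter(Mandatory)] [string] $Path,      # the downloaded file
        [Parameter(Mandatory)] [string] $HashList   # saved copy of the published hash file
    )

    $name = Split-Path -Leaf $Path
    $expected = $null

    foreach ($line in Get-Content -LiteralPath $HashList) {
        # sha256sum may prefix the file name with '*' (binary mode); accept both forms.
        if ($line -match '^\s*([0-9A-Fa-f]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1]
            break
        }
    }

    # A missing entry is an error, not a pass: nothing was actually verified.
    if (-not $expected) {
        throw "No SHA256 entry for '$name' in $HashList"
    }

    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    [pscustomobject]@{
        File     = $name
        Expected = $expected.ToLowerInvariant()
        Actual   = $actual.ToLowerInvariant()
        Match    = ($expected -eq $actual)   # string -eq is case-insensitive in PowerShell
    }
}

# Constructed demo: a stand-in file and a hash list written for it in the temp folder.
$dir  = Join-Path ([IO.Path]::GetTempPath()) 'hash-demo'
New-Item -ItemType Directory -Force -Path $dir | Out-Null
$file = Join-Path $dir 'example-installer.exe'
$list = Join-Path $dir 'SHA256SUMS.txt'
Set-Content -LiteralPath $file -Value 'constructed sample bytes' -NoNewline
$good = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash.ToLower()
Set-Content -LiteralPath $list -Value "$good  example-installer.exe"

Test-PublishedHash -Path $file -HashList $list   # file exactly as listed

Add-Content -LiteralPath $file -Value 'x'        # simulate a corrupt or altered download
Test-PublishedHash -Path $file -HashList $list   # same list, changed file
```

For a real download, pass the path of the installer and the path of the hash file saved from the release page; take the hash file from the project's release page itself, not from wherever the installer was obtained.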

Thanks very much for the clear explanation. I compared hashes and they matched, so no issue there. As well as the false positive, my Windows Defender must have been set to auto-remove threats, so I briefly turned that off to download and run the file, and all works fine.
I’ve reported the false positive to Microsoft.

1 Like