
Win32/Wacapew.c!ml



Windows Defender showed a "This program has potentially unwanted behaviour"-warning that refers to Win32/Wacapew.C!ml.
Vainly tried to find this file. The affected file was a self-extracting .exe of a plain text file that I created myself. Defender has blocked the file and required me to scan the system.
I did so.

Probably everything is okay now.

The thing I was wondering about is why Emsisoft didn't come in here. Maybe I am wrong, but I assumed that Emsisoft did the virus protection part and the firewall part was left to Windows Defender(?)
I believe even searching the Emsisoft website did not show any hits on Wacapew.

Thanks.

 


> Vainly tried to find this file

It's not a filename/filepath on your system, but the name of a signature, i.e. a set of characteristics that tend to point towards the presence of a specific form of malware.

 

> The affected file was a self-extracting .exe of a plain text file that I created myself.

Possibly the detection was a "false positive", that is, something about your plain text file made Defender think it was, or resembled, part of a malicious file. Bear in mind that scripts are plain text files. A file being plain text tells no-one anything about what it actually contains. E.g. shell scripts, Perl programs, Python programs etc. are all "plain text" but that doesn't necessarily make them innocent.

Also, PUPs (potentially unwanted programs) are typically programmers' or hackers' tools - things that in the hands of techy people might be perfectly innocent. I've lots of these on my systems - but I know what they do and use them with care. Such programs are dangerous if used by people who have no idea what they can do.

I have no idea how you'd inform Microsoft that a file detected by Windows Defender is a FP (i.e. false positive). Google might help on that.

 

> The thing I was wondering about is why Emsisoft didn't come in here.

Emsisoft support need to comment on that. It might depend on the characteristics of the self-extracting .exe. How did you create it? Maybe the tool that created it creates the self-extracting exe in a way that, when it is run, it is monitored by WD when it unpacks whatever is inside it? As far as I'm aware, EAM doesn't necessarily see every type of file being extracted from every type of .exe.

 


Thanks. I didn't know that, to be honest. ("name of a signature"... etc.)

As for the plain text file, it is/was simple text, no scripts or anything special. No doubt it was a false positive. It can be that some AV software is stumbling over such self-extracting files with 'potentially unwanted behaviour'.

As said, I'd expected this from Emsisoft rather than from WD.

Then again, WD reports that actions are recommended, but leaves the user puzzled as to what exactly the user is required to do ... 🙂

 

 

This topic is now closed to further replies.