[GH-ISSUE #26] Windows Defender flags legacy-notepad-x86.exe as Trojan:Win32/Wacatac.H!ml #14

Open
opened 2026-03-03 12:01:42 +03:00 by kerem · 3 comments

Originally created by @adrianvicoh on GitHub (Feb 14, 2026).
Original GitHub issue: https://github.com/ForLoopCodes/legacy-notepad/issues/26

Originally assigned to: @ForLoopCodes on GitHub.

Hi,

I’d like to report an issue detected by Windows Defender on Windows 11.

A few days after downloading legacy-notepad-x86.exe, Windows Defender flagged the file as Trojan:Win32/Wacatac.H!ml. The detection occurred immediately after downloading the file, without ever executing it.

This issue does not occur with legacy-notepad-x64.exe, which is not flagged by Windows Defender.

I verified the integrity of the file and confirmed that the SHA-256 hash matches the hash published in the release.

Maybe it could be a false positive, but I wanted to report it for visibility.

I’ve attached screenshots from Windows Defender and VirusTotal for reference.

Thanks for your work, and please let me know if you need any additional information.


@ForLoopCodes commented on GitHub (Mar 4, 2026):

Thanks for reporting this with screenshots.
I hardened releases: tagged builds now require code signing, release binaries/installers are signed, and SHA256SUMS are published per architecture.
I’ve also documented and the Microsoft false-positive submission process for Defender review.
Please re-check the next signed x86 release and confirm if detection is cleared.
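
One way to re-check a signed release as requested above, as an added example that is not part of the original thread or the project's own tooling: it compares a file's SHA-256 against a SHA256SUMS list and reads its Authenticode status. The `<hash>  <filename>` line format and the function name `Test-ReleaseArtifact` are assumptions, and the demo input is a constructed temp file, not the real binary.

```powershell
# Added example (not from the project). Assumes SHA256SUMS uses the common
# "<64 hex chars>  <filename>" line format; Test-ReleaseArtifact is a hypothetical name.
function Test-ReleaseArtifact {
    param(
        [Parameter(Mandatory)][string]$Path,       # downloaded binary
        [Parameter(Mandatory)][string]$SumsPath    # SHA256SUMS for that architecture
    )
    $name   = Split-Path -Leaf $Path
    $actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $Path).Hash.ToLowerInvariant()

    # Find the entry for this exact file name; "*" marks binary mode in sha256sum output.
    $expected = $null
    foreach ($line in Get-Content -LiteralPath $SumsPath) {
        if ($line -match '^\s*([0-9a-fA-F]{64})\s+\*?(.+?)\s*$' -and $Matches[2] -eq $name) {
            $expected = $Matches[1].ToLowerInvariant()
            break
        }
    }

    # Authenticode status is independent of the hash: a file can match the
    # published hash and still be unsigned, or be signed by an unexpected subject.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        File            = $name
        HashListed      = [bool]$expected
        HashMatches     = ($null -ne $expected -and $expected -eq $actual)
        SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject
    }
}

# Constructed demo input: a temp file standing in for the download.
$dir  = Join-Path ([IO.Path]::GetTempPath()) ([guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$exe  = Join-Path $dir 'legacy-notepad-x86.exe'
Set-Content -LiteralPath $exe -Value 'constructed sample bytes' -NoNewline
$hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $exe).Hash.ToLower()
Set-Content -LiteralPath (Join-Path $dir 'SHA256SUMS') -Value "$hash  legacy-notepad-x86.exe"

Test-ReleaseArtifact -Path $exe -SumsPath (Join-Path $dir 'SHA256SUMS')
Remove-Item -Recurse -Force $dir
```

A matching hash only shows the file is the one that was published; the signature status and any antivirus verdict are separate checks.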


@adrianvicoh commented on GitHub (Mar 7, 2026):

Thank you very much.

It seems that Windows Defender no longer flags it as a trojan.

However, I scanned it again on VirusTotal and it is still detected as malware only by engines using the BitDefender engine. It still appears to be a false positive, since the main antivirus engines do not detect any issue.


@ForLoopCodes commented on GitHub (Mar 8, 2026):

I'll keep the issue open
