[GH-ISSUE #1162] netboot.xyz.iso triggers Windows Defender for [Trojan:Script/Wacatac.H!ml] #320

New issue

Closed

opened 2026-02-27 14:51:20 +03:00 by kerem · 6 comments

kerem commented 2026-02-27 14:51:20 +03:00

Owner

Copy link

Originally created by @runbgp on GitHub (Oct 12, 2022).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1162

https://boot.netboot.xyz/ipxe/netboot.xyz.iso

Downloading the above ISO triggers Windows Defender malware detection causing the download to be blocked and removed.

webfile: C:\Users\runbgp\Downloads\netboot.xyz.iso|https://boot.netboot.xyz/ipxe/netboot.xyz.iso|pid:1908,ProcessStart:133100606421088571

Originally created by @runbgp on GitHub (Oct 12, 2022). Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1162 https://boot.netboot.xyz/ipxe/netboot.xyz.iso Downloading the above ISO triggers Windows Defender malware detection causing the download to be blocked and removed.  ```webfile: C:\Users\runbgp\Downloads\netboot.xyz.iso|https://boot.netboot.xyz/ipxe/netboot.xyz.iso|pid:1908,ProcessStart:133100606421088571```

kerem 2026-02-27 14:51:20 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-27 14:51:20 +03:00

Author

Owner

Copy link

@antonym commented on GitHub (Oct 12, 2022):

More than likely it’s a false positive as I’ve seen in the past. https://github.com/netbootxyz/netboot.xyz/issues/781 Make sure you have the latest Defender and post your info for the definition files here so we can track.

<!-- gh-comment-id:1276530264 --> @antonym commented on GitHub (Oct 12, 2022): More than likely it’s a false positive as I’ve seen in the past. https://github.com/netbootxyz/netboot.xyz/issues/781 Make sure you have the latest Defender and post your info for the definition files here so we can track.

kerem commented 2026-02-27 14:51:20 +03:00

Author

Owner

Copy link

@runbgp commented on GitHub (Oct 12, 2022):

Agreed - certainly a false positive. I was able to isolate it to this specific security intelligence version shown in the screenshot below. After updating just now to 1.377.123.0 it's no longer detecting a false positive.

<!-- gh-comment-id:1276592227 --> @runbgp commented on GitHub (Oct 12, 2022): Agreed - certainly a false positive. I was able to isolate it to this specific security intelligence version shown in the screenshot below. After updating just now to 1.377.123.0 it's no longer detecting a false positive. 

kerem commented 2026-02-27 14:51:21 +03:00

Author

Owner

Copy link

@antonym commented on GitHub (Oct 12, 2022):

Thanks for the update!

<!-- gh-comment-id:1276700064 --> @antonym commented on GitHub (Oct 12, 2022): Thanks for the update!

kerem commented 2026-02-27 14:51:21 +03:00

Author

Owner

Copy link

@voltagex commented on GitHub (Oct 6, 2023):

<!-- gh-comment-id:1750327805 --> @voltagex commented on GitHub (Oct 6, 2023):   

kerem commented 2026-02-27 14:51:21 +03:00

Author

Owner

Copy link

@voltagex commented on GitHub (Oct 6, 2023):

I have submitted this as a false positive to Microsoft

https://www.microsoft.com/en-us/wdsi/submission/4a5b8b98-b5ff-4d5d-8fc3-55b6c98c951b

<!-- gh-comment-id:1750329746 --> @voltagex commented on GitHub (Oct 6, 2023): I have submitted this as a false positive to Microsoft https://www.microsoft.com/en-us/wdsi/submission/4a5b8b98-b5ff-4d5d-8fc3-55b6c98c951b

kerem commented 2026-02-27 14:51:21 +03:00

Author

Owner

Copy link

@voltagex commented on GitHub (Oct 6, 2023):

Looks like it's only the 1.399.129.0 definitions that were flagging it. Comes up clean on VirusTotal too.

https://www.virustotal.com/gui/file/4fee0b1b97e601600c3ea97e0c9362ff15498720218373aa4ed6b98957c246a2/behavior

<!-- gh-comment-id:1750345016 --> @voltagex commented on GitHub (Oct 6, 2023): Looks like it's only the 1.399.129.0 definitions that were flagging it. Comes up clean on VirusTotal too. https://www.virustotal.com/gui/file/4fee0b1b97e601600c3ea97e0c9362ff15498720218373aa4ed6b98957c246a2/behavior

kerem referenced this issue 2026-03-01 18:35:20 +03:00

[GH-ISSUE #320] Fedora Atomic URL broken #1670

kerem referenced this issue 2026-03-01 18:35:44 +03:00

[GH-ISSUE #574] request: add Fedora Silverblue #1716

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

development

copilot/add-doc-for-issue-1780

add-ubuntu-26.04

renovate/ansible-13.x

master

RC

changelog/3.0.1

feat/enable-rolling-builds

feat/secureboot-shim-devuan-kali

feature/secureboot-release-artifacts

copilot/sub-pr-1738

claude/issue-1703-20251117-0231

claude/issue-1703-20251117-0226

claude/issue-1703-20251117-0220

copilot/add-regex-manager-for-workflow-files

copilot/update-install-dependencies-step

copilot/fix-6503c0f7-4459-4828-8fe9-0b7f297ed932

claude/issue-1672-20250912-0331

testing

kairos_support

test

antonym/add-mac-pass

3.0.1

3.0.1-RC

3.0.0

3.0.0-RC

2.0.89

2.0.89-RC

2.0.88-RC

2.0.88

2.0.87-RC

2.0.87

2.0.86

2.0.86-RC

2.0.85

2.0.85-RC

2.0.84

2.0.84-RC

2.0.83

2.0.83-RC

2.0.82-RC

2.0.82

2.0.81-RC

2.0.81

2.0.80

2.0.80-RC

2.0.79

2.0.79-RC

2.0.78

2.0.78-RC

2.0.77-RC

2.0.77

2.0.76

2.0.76-RC

2.0.75

2.0.75-RC

2.0.74

2.0.74-RC

2.0.73

2.0.73-RC

2.0.72

2.0.72-RC

2.0.71

2.0.71-RC

2.0.70

2.0.70-RC

2.0.69

2.0.69-RC

2.0.68

2.0.68-RC

2.0.67

2.0.67-RC

2.0.66

2.0.66-RC

2.0.65

2.0.65-RC

2.0.64

2.0.64-RC

2.0.63

2.0.63-RC

2.0.62

2.0.62-RC

2.0.61

2.0.61-RC

2.0.60

2.0.60-RC

2.0.59

2.0.59-RC

2.0.58

2.0.58-RC

2.0.57

2.0.57-RC

2.0.56

2.0.56-RC

2.0.55

2.0.55-RC

2.0.54

2.0.54-RC

2.0.53

2.0.53-RC

2.0.52

2.0.52-RC

2.0.51

2.0.51-RC

2.0.50

2.0.50-RC

2.0.49

2.0.49-RC

2.0.48

2.0.48-RC

2.0.47

2.0.47-RC

2.0.46

2.0.46-RC

2.0.45

2.0.45-RC

2.0.44

2.0.44-RC

2.0.43

2.0.43-RC

2.0.42

2.0.42-RC

2.0.41

2.0.41-RC

2.0.40

2.0.40-RC

2.0.39

2.0.39-RC

2.0.38

2.0.38-RC

2.0.37

2.0.37-RC

2.0.36

2.0.36-RC

2.0.35

2.0.35-RC

2.0.34

2.0.34-RC

2.0.33

2.0.33-RC

2.0.32

2.0.32-RC

2.0.31

2.0.31-RC

2.0.30

2.0.30-RC

2.0.29

2.0.29-RC

2.0.28

2.0.28-RC

2.0.27

2.0.27-RC

2.0.26

2.0.26-RC

2.0.25

2.0.25-RC5LI

2.0.25-RC

2.0.24

2.0.24-RC

2.0.23

2.0.23-RC

2.0.22

2.0.22-RC

2.0.21

2.0.21-RC

2.0.20

2.0.20-RC

2.0.19

2.0.19-RC

2.0.18

2.0.18-RC

2.0.17

2.0.17-RC

2.0.16

2.0.16-RC

2.0.15

2.0.15-RC

2.0.14

2.0.14-RCZQD

2.0.14-RC

2.0.13

2.0.13-RC17N

2.0.13-RC

2.0.12

2.0.12-RC

2.0.11

2.0.10

2.0.10-RC

2.0.9

2.0.9-RC2N0

2.0.9-RC

2.0.8

2.0.8-RC

2.0.7

2.0.7-RC

2.0.6

2.0.6-R1-RC

2.0.6-RC

2.0.5

2.0.5-RC

2.0.4

2.0.4-RC

2.0.3

2.0.3-RC

2.0.2

2.0.2-RC

2.0.1

2.0.1-RC

2.0.0

2.0.0-RC

1.9.91-RC

1.9.9

1.9.9-RC

1.9.8-RC

1.0.0

1.9.7-RC

Labels

Clear labels   

Hacktoberfest

  

Hacktoberfest

  

bootloader

  

bsd

  

bug

  

confirmed

  

documentation

  

duplicate

  

enhancement

  

enhancement

  

enhancement

  

eol

  

experimental-merged

  

freebsd

  

help wanted

  

invalid

  

investigate

  

ipxe

  

linux

  

live-os

  

memdisk

  

menu

  

no-issue-activity

  

no-issue-activity

  

pull-request

Mirrored from GitHub Pull Request

  

released

  

todo

  

upstream

  

windows

  

windows

  

work-in-progress

No labels

Hacktoberfest

Hacktoberfest

bootloader

bsd

bug

confirmed

documentation

duplicate

enhancement

enhancement

enhancement

eol

experimental-merged

freebsd

help wanted

invalid

investigate

ipxe

linux

live-os

memdisk

menu

no-issue-activity

no-issue-activity

pull-request

released

todo

upstream

windows

windows

work-in-progress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/netboot.xyz#320

No description provided.