[GH-ISSUE #1162] netboot.xyz.iso triggers Windows Defender for [Trojan:Script/Wacatac.H!ml] #320

Closed
opened 2026-02-27 14:51:20 +03:00 by kerem · 6 comments

Originally created by @runbgp on GitHub (Oct 12, 2022).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/1162

https://boot.netboot.xyz/ipxe/netboot.xyz.iso

Downloading the above ISO triggers Windows Defender malware detection causing the download to be blocked and removed.


`webfile: C:\Users\runbgp\Downloads\netboot.xyz.iso|https://boot.netboot.xyz/ipxe/netboot.xyz.iso|pid:1908,ProcessStart:133100606421088571`

kerem closed this issue and added the bug label (2026-02-27 14:51:20 +03:00)

@antonym commented on GitHub (Oct 12, 2022):

More than likely it’s a false positive as I’ve seen in the past. https://github.com/netbootxyz/netboot.xyz/issues/781 Make sure you have the latest Defender and post your info for the definition files here so we can track.


@runbgp commented on GitHub (Oct 12, 2022):

Agreed - certainly a false positive. I was able to isolate it to this specific security intelligence version shown in the screenshot below. After updating just now to 1.377.123.0 it's no longer detecting a false positive.
[screenshot]


@antonym commented on GitHub (Oct 12, 2022):

Thanks for the update!


@voltagex commented on GitHub (Oct 6, 2023):

[three screenshots]


@voltagex commented on GitHub (Oct 6, 2023):

I have submitted this as a false positive to Microsoft

https://www.microsoft.com/en-us/wdsi/submission/4a5b8b98-b5ff-4d5d-8fc3-55b6c98c951b


@voltagex commented on GitHub (Oct 6, 2023):

Looks like it's only the 1.399.129.0 definitions that were flagging it. Comes up clean on VirusTotal too.

https://www.virustotal.com/gui/file/4fee0b1b97e601600c3ea97e0c9362ff15498720218373aa4ed6b98957c246a2/behavior
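
The `webfile:` resource line in the opening report records where the flagged file was saved, the URL it came from, and the downloading process, which is what you need to confirm that a detection refers to the official download. The parser below is an added example, not code from this thread or from the netboot.xyz project. The field layout and the reading of `ProcessStart` as a Windows FILETIME are assumptions inferred from that single line, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit
import ntpath

# Resource string copied from the opening report in this thread.
SAMPLE = (r"webfile: C:\Users\runbgp\Downloads\netboot.xyz.iso"
          "|https://boot.netboot.xyz/ipxe/netboot.xyz.iso"
          "|pid:1908,ProcessStart:133100606421088571")

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_webfile(resource: str) -> dict:
    """Split a 'webfile:' resource into path, URL, pid and process start."""
    scheme, sep, rest = resource.partition(":")
    if not sep or scheme.strip().lower() != "webfile":
        raise ValueError("not a webfile resource")
    try:
        # Assumed layout: <path>|<url>|<key:value,key:value>.
        # Windows paths cannot contain '|', so split the path off first
        # and the process field off last; the URL is whatever remains.
        path, remainder = rest.strip().split("|", 1)
        url, proc = remainder.rsplit("|", 1)
        attrs = dict(kv.split(":", 1) for kv in proc.split(","))
        pid = int(attrs["pid"])
        ticks = int(attrs["ProcessStart"])
    except (ValueError, KeyError) as exc:
        raise ValueError(f"malformed webfile resource: {exc}") from exc
    return {
        "path": path.strip(),
        "filename": ntpath.basename(path.strip()),
        "url": url.strip(),
        "host": urlsplit(url.strip()).hostname,
        "pid": pid,
        # Assumption: FILETIME, i.e. 100 ns ticks since 1601-01-01 UTC.
        "process_start": FILETIME_EPOCH + timedelta(microseconds=ticks // 10),
    }


def from_expected_source(info: dict, allowed_hosts: set) -> bool:
    """True only if the file was fetched over HTTPS from an allowed host."""
    return (urlsplit(info["url"]).scheme == "https"
            and info["host"] in allowed_hosts)


if __name__ == "__main__":
    info = parse_webfile(SAMPLE)
    print(info["filename"], info["host"], info["pid"], info["process_start"])
    print("official source:", from_expected_source(info, {"boot.netboot.xyz"}))
```

Under the FILETIME assumption the process start decodes to 12 October 2022 (UTC), the day the issue was opened on GitHub.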
