Trojan in install-tl-windows.exe reported by Windows Defender
Andrea GINI
andrea.gini at sns.it
Fri Jun 16 10:54:33 CEST 2023
Hi everyone in the list, I recently posted a question on Tex stackexchange
regarding an issue with the windows installer.
https://tex.stackexchange.com/questions/688689/trojan-in-install-tl-windows-exe-reported-by-windows-defender
To briefly summarise:
Different clean windows machines with only the basic preinstalled Windows
Defender report the texlive windows installer as a "Critical threat" for
Trojan:Win32/Wacatac:B!ml.
I installed texlive two months ago without alerts or issues. A colleague of
mine tried yesterday and the executable was erased and then the system pops
up with the alert.
I tried too and the alert went off indeed.
I know about false positives, but it is possible that the installer is now
infected, and two months ago was indeed safe?
If this is a false positive, can something be done to whitelist the
executable contacting Microsoft?
I believe a large plethora of people use a standard windows installation
and this issue practically make un-installable texlive.
I had problem in the past during the installation, but this is the first
time that the executable is immediately erased after the download as a
"dangerous file".
Best regards,
Andrea
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://tug.org/pipermail/tex-live/attachments/20230616/4e832840/attachment.htm>
More information about the tex-live
mailing list.