Trojan in install-tl-windows.exe reported by Windows Defender
Zdenek Wagner
zdenek.wagner at gmail.com
Fri Jun 16 15:16:38 CEST 2023
I would rather suspect that the database of the Windows Defender was
updated in the meantime. To see whether your copy is infected or not,
you can downlowd the current version of the file from CTAN and compare
to yours. If they are the same, it is a false positive.
Zdeněk Wagner
https://www.zdenek-wagner.eu/
pá 16. 6. 2023 v 14:59 odesílatel Andrea GINI <andrea.gini at sns.it> napsal:
>
> Hi everyone in the list, I recently posted a question on Tex stackexchange regarding an issue with the windows installer.
>
> https://tex.stackexchange.com/questions/688689/trojan-in-install-tl-windows-exe-reported-by-windows-defender
>
> To briefly summarise:
>
> Different clean windows machines with only the basic preinstalled Windows Defender report the texlive windows installer as a "Critical threat" for Trojan:Win32/Wacatac:B!ml.
>
> I installed texlive two months ago without alerts or issues. A colleague of mine tried yesterday and the executable was erased and then the system pops up with the alert.
>
> I tried too and the alert went off indeed.
>
> I know about false positives, but it is possible that the installer is now infected, and two months ago was indeed safe?
>
> If this is a false positive, can something be done to whitelist the executable contacting Microsoft?
>
> I believe a large plethora of people use a standard windows installation and this issue practically make un-installable texlive.
>
> I had problem in the past during the installation, but this is the first time that the executable is immediately erased after the download as a "dangerous file".
>
> Best regards,
>
> Andrea
More information about the tex-live
mailing list.