TDR and Trojan:Win32/Wacatac.B!ml

Just curious if TDR is designed to catch the Trojan:Win32/Wacatac?

I have a PC running Windows Defender that keeps flagging this Trojan, but yet the active TDR Host Sensor flags nothing.

Because of this I'm assuming that Windows Defender is flagging this as a false positive, but in our crazy world one can never be too sure.

https://answers.microsoft.com/en-us/protect/forum/all/what-to-do-about-trojanwin32wacatacbml-false/d884df80-2dba-46c9-bd8b-4e2f93c9dd3f

Has anyone else seen or run across this?

Thanks!

  • Doug

It's usually something simple.

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @shaazaminator
    TDR isn't meant to catch viruses that simply exist -- it's designed to stop the behavior that occurs if/when they run. Windows (and other AV programs) are checking heuristic/definition databases for known files.

    If you have a file that you think is suspicious, but only one AV is checking it, I'd suggest checking something like VirusTotal, that'll run it across multiple engines to give you an idea of what's detecting it and what is not.

    If you believe you have a false-negative, I'd suggest opening a support case so that we can get the sample from you safely and analyze it.

    -James Carson
    WatchGuard Customer Support
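The multi-engine check suggested in the reply above, as an added example that is not part of the original thread or any WatchGuard tooling: it hashes the file locally so only the digest is looked up, then summarizes which engines flag it. It assumes the VirusTotal API v3 file report layout (`data.attributes.last_analysis_results`, fetched with an `x-apikey` header); the engine names and the sample response are constructed.

```python
import hashlib
import json
from collections import Counter

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # v3 file report endpoint

def sha256_of(path, chunk_size=1 << 20):
    """Hash the file locally so the lookup sends only the digest, not the sample."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def lookup_url(path):
    """URL to GET (with an x-apikey header) for the existing report on this file."""
    return VT_FILE_URL.format(sha256_of(path))

def summarize(report):
    """Reduce a v3 file report to verdict counts and the names engines assigned."""
    results = report["data"]["attributes"]["last_analysis_results"]
    counts = Counter(r["category"] for r in results.values())
    flagged = {name: r["result"] for name, r in results.items()
               if r["category"] in ("malicious", "suspicious")}
    scanned = sum(counts[c] for c in ("malicious", "suspicious", "undetected", "harmless"))
    return {"flagged": flagged, "scanned": scanned, "counts": dict(counts)}

def triage(summary):
    """Rough reading of the spread; a hint for the analyst, not a verdict."""
    n = len(summary["flagged"])
    if n == 0:
        return "no engine flags it"
    if n == 1:
        return "single-engine detection: possible false positive, have the sample analyzed"
    return f"{n} of {summary['scanned']} engines flag it: investigate as a likely true positive"

# Constructed sample response (engine names and results are illustrative, not real scan data).
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
  "EngineA": {"category": "malicious",  "result": "Trojan:Win32/Wacatac.B!ml"},
  "EngineB": {"category": "undetected", "result": null},
  "EngineC": {"category": "undetected", "result": null},
  "EngineD": {"category": "type-unsupported", "result": null}
}}}}
""")

if __name__ == "__main__":
    summary = summarize(SAMPLE_REPORT)
    print(summary["flagged"], "->", triage(summary))
```

Engines that could not process the file type are excluded from the scanned total, so they do not count as clean verdicts.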
