Windows 10 Security Reports Threat for BlueIris 5.9.7.1 Updater

[plfinch]

Did an update to 5.9.7.1 in my sandbox and Windows reported severe threat for and blocked the updater (C:/ProgramData\Blue Iris\temp\update.exe).

The detected threat is trojan:Script/Wacatac.B!ml.

May be a false positive on a coincidentally matching hex string but thought best to report and discuss.

Peter

 

[plfinch]

Over 300,000 downloads and I am the only one who had this?

 

[Vettester]

Over 300,000 downloads and I am the only one who had this?

No threats found on Wndows 11.

 

[plfinch]

No threats found on Wndows 11.

I didn't get the alert during a scan. I performed the update from within BlueIris and after BluIris downloaded the update file (update.exe), Windows Security (Defender) jumped in and blocked the update from running and reported the threat. In response, I had Defender delete the file. I would expect Windows 10 and 11 to share the same virus maps and this particular trojan is a couple years old. So surprised only I am seeing this.

Afterwards, BlueIris installed other recent versions without incident. Think I will just skip this particular version for testing.

Peter

 

[fenderman]

Upload the file to virus total.