Microsoft Defender ATP Detects software as Malware

  • Question

  • Hi team,

    When I install my software, Microsoft Defender ATP creates an alert with the title "Detrahere main downloader". It says in the description "This file is a component of the "Zacinlo" adware suite (Microsoft detect Zacinlo as Detrahere)". I am sure the software isn't any adware suite. In the artifact timeline, it blocks an exe, which will extract a set of exes and dlls to a directory. Please provide me some insights on why this alert is thrown by ATP. If you need any additional information, please let me know.


    ADSMFREEWINDOWS_7zip.exe - This is the exe that gets blocked. Is it because it starts with "Ad"?


    • Edited by hariharan040696 Tuesday, January 21, 2020 7:59 AM Additional information
    Monday, January 20, 2020 2:17 PM

All replies

  • Zacinlo is a trojan.

    S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Saturday, February 1, 2020 1:20 AM
  • I understand Zacinlo is a trojan. But the thing is, I developed the software on my end and in no way is it a virus. On what basis does it detect my tool as a trojan?
    Thursday, February 6, 2020 7:35 AM
  • Hi,

    Are there any updates? This is seriously affecting our customer base. Please provide a solution ASAP.

    One thing to consider: the above-mentioned zip file does extract some .bat and .vbs files. Is this the reason why ATP detects it as malware? If so, how can I prevent ATP from blocking my software?

    Saturday, March 7, 2020 7:03 AM