Uploaded image for project: 'Nuxeo Drive '
  1. Nuxeo Drive
  2. NXDRIVE-2722

Possible regression: Drive 5.2.4 is now detected as Trojan by MSAV and was not in previous versions



    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 5.2.4, 5.2.5
    • Fix Version/s: None
    • Component/s: Security
    • Environment:
      Windows with MS Defender antivirus turned on


      This ticket is opened as Nuxeo Drive 5.2.4 is now detected as a Trojan by MS Defender AV while it was not the case of previous versions.

      There have been reports of 2 different threats by MSAV:

      • Trojan Wacatac.B!ml
      • Behavior:WIn32/Persistence.A!ml

      Notice that these threats are reported based on behavior, not as static analysis.

      How to reproduce:

      • configure Drive 5.2.4 with an account on a server and leave start on boot checked
      • have some actions on the server such as synchronizing a folder
      • reboot the client-side and wait for Drive to start
      • have some actions on the server such as adding or removing files from the synchronized folder
        => Nuxeo Drive is then silently removed from the client-side by MS Defender Anti Virus and the csymptm for the user is that the piece of software vanished.

      You can retrieve the notification in the Microsoft Security Center in the protection history.




            • Votes:
              1 Vote for this issue
              4 Start watching this issue


              • Created: