[False Positive?] Windows Defender detects `Trojan:Win32/Wacatac.H!ml` when running opencode
Description
I am encountering a critical issue where Windows Security (Windows Defender) flags and quarantines files immediately upon running opencode in PowerShell. The detection is identified as Trojan:Win32/Wacatac.H!ml.
I am strictly using opencode-antigravity-auth from this repository.
To Reproduce
- Open PowerShell.
- Run `opencode`.
- Windows Security immediately triggers a "Threat quarantined" notification.
Expected behavior
The tool should execute without triggering antivirus heuristics.
Screenshots
Note: The affected items point to temporary `.dll` files generated in `AppData\Local\Temp`.
Environment
- OS: Windows 11 Pro
- Shell: PowerShell
- OpenCode: 1.1.11
- Plugin Version: opencode-antigravity-auth@beta
Configuration Files
Here is my current configuration setup:
antigravity.json:
```json
{
  "$schema": "https://raw.githubusercontent.com/NoeFabris/opencode-antigravity-auth/main/assets/antigravity.schema.json",
  "auto_update": true
}
```
opencode.json:
```json
{
  "$schema": "https://opencode.ai/config.json",
  "model": "google/antigravity-claude-opus-4-5-thinking:max",
  "plugin": ["opencode-antigravity-auth@beta"],
  "agent": {
    "build": {
      "mode": "primary",
      "model": "google/antigravity-claude-opus-4-5-thinking",
      "thinkingConfig": { "thinkingBudget": 32768 },
      "tools": {
        "write": true,
        "edit": true,
        "bash": true
      }
    },
    "plan": {
      "mode": "primary",
      "model": "github-copilot/claude-opus-4.5",
      "tools": {
        "write": false,
        "edit": false,
        "bash": false
      }
    },
    "code-reviewer": {
      "description": "Reviews code for best practices and potential issues",
      "mode": "subagent",
      "model": "google/antigravity-claude-opus-4-5-thinking",
      "thinkingConfig": { "thinkingBudget": 32768 },
      "prompt": "You are a code reviewer. Focus on security, performance, and maintainability.",
      "tools": {
        "write": false,
        "edit": false
      }
    }
  },
  "mcp": {
    "context7": {
      "type": "remote",
      "url": "https://mcp.context7.com/mcp",
      "headers": {
        "CONTEXT7_API_KEY": "XXXXXX"
      },
      "enabled": true
    }
  },
  "provider": {
    "google": {
      "models": {
        "antigravity-gemini-3-pro": {
          "name": "Gemini 3 Pro (Antigravity)",
          "limit": { "context": 1048576, "output": 65535 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "low": { "thinkingLevel": "low" },
            "high": { "thinkingLevel": "high" }
          }
        },
        "antigravity-gemini-3-flash": {
          "name": "Gemini 3 Flash (Antigravity)",
          "limit": { "context": 1048576, "output": 65536 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "minimal": { "thinkingLevel": "minimal" },
            "low": { "thinkingLevel": "low" },
            "medium": { "thinkingLevel": "medium" },
            "high": { "thinkingLevel": "high" }
          }
        },
        "antigravity-claude-sonnet-4-5": {
          "name": "Claude Sonnet 4.5 (no thinking) (Antigravity)",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "antigravity-claude-sonnet-4-5-thinking": {
          "name": "Claude Sonnet 4.5 Thinking (Antigravity)",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "low": { "thinkingConfig": { "thinkingBudget": 8192 } },
            "max": { "thinkingConfig": { "thinkingBudget": 32768 } }
          }
        },
        "antigravity-claude-opus-4-5-thinking": {
          "name": "Claude Opus 4.5 Thinking (Antigravity)",
          "limit": { "context": 200000, "output": 64000 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] },
          "variants": {
            "low": { "thinkingConfig": { "thinkingBudget": 8192 } },
            "max": { "thinkingConfig": { "thinkingBudget": 32768 } }
          }
        },
        "gemini-2.5-flash": {
          "name": "Gemini 2.5 Flash (Gemini CLI)",
          "limit": { "context": 1048576, "output": 65536 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "gemini-2.5-pro": {
          "name": "Gemini 2.5 Pro (Gemini CLI)",
          "limit": { "context": 1048576, "output": 65536 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "gemini-3-flash-preview": {
          "name": "Gemini 3 Flash Preview (Gemini CLI)",
          "limit": { "context": 1048576, "output": 65536 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        },
        "gemini-3-pro-preview": {
          "name": "Gemini 3 Pro Preview (Gemini CLI)",
          "limit": { "context": 1048576, "output": 65535 },
          "modalities": { "input": ["text", "image", "pdf"], "output": ["text"] }
        }
      }
    }
  }
}
```
Additional Context
The !ml suffix in the threat name suggests this is a Machine Learning heuristic detection, which is often a false positive for unsigned binaries or tools that generate temporary DLLs at runtime. Could you please verify if the release binaries are signed or if there is a known issue with the unpacking process?
This issue might be a duplicate of existing issues. Please check:
- #3415: Windows Defender falsely flags new releases as trojans (primary tracking issue with comprehensive mitigation plan)
- #3406: v0.15.16 was infected by a virus and removed by Windows Security (same Trojan:Script/Wacatac.C!ml detection)
- #3388: Windows Defender | Wacapew.A!ml (similar heuristic detection pattern)
- #1103: opencode-windows-x64.zip file contains virus (recurring issue with false positives)
- #3151: opencode 0.15.1: virus warning on Windows 11 (previous instance of same problem)
- #2564: OpenCode v0.7.6 infected by a virus (earlier report of same false positive pattern)
These appear to be recurring false positive detections by Windows Defender's ML/heuristic signatures. Issue #3415 is the main tracking issue with a comprehensive action plan including code-signing, checksums, and SBOM generation.
Feel free to ignore if this is a different or more specific case than those listed above.
Very good description @saliksik! I can confirm the triggering antivirus heuristics.
Same! I don't trust this sh.t anymore. It infected my PC. Get rid of it.
I see the same behavior, with similarly named DLLs in that temp directory.
- Windows 11 Home 25H2
- OpenCode installed via `npm install -g opencode-ai` (native Windows Node installation)
Looking at specific versions of the opencode-ai NPM package:
- versions 1.1.9 and below run (but then auto-update in the default configuration)
- starting with version 1.1.10, Windows Defender flags those DLLs when attempting to invoke the opencode.exe executable
For those affected who are ok running an older version while this gets sorted, see #1793 for a couple options to disable auto-update.
Which version was last stable? I opened an issue just now not realizing this had already been raised. I was on v1.1.11 throughout the week and was running fine. When I updated to v1.1.12 I encountered the false positive. In my issue, I show uninstalling and re-installing, and installing v1.1.11 explicitly. Same false positive.
Try these steps, 1.1.8 seems to not raise the false positive for now:
https://github.com/anomalyco/opencode/issues/7655#issuecomment-3733104534
In PowerShell (admin) use: `Remove-MpPreference -ExclusionProcess "opencode.exe"`. However, when you see files like `.3aebfebd1ffffffd-00000000.dll` in Temp, it's like asking for trouble and saying "Hi! I'm a virus, please scan and detect me." If they would use an `%appdata%\Opencode` folder and have DLLs like
```
languageserver
├── typescript-language-server.dll
└── python-language-server.dll
```
maybe MS would not detect it as a scam. Use decent paths and decent file names and it could already be better; DLLs shouldn't be generated in Temp with random names. And if you do require something random in the filename, use the PID instead?
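As an added triage helper for the two questions raised in this thread (the opener's "are the release binaries signed?" and the comment above about the temp DLLs), this PowerShell script is not part of opencode or opencode-antigravity-auth. It assumes the built-in Defender module on Windows 10/11, an elevated session, and that `$ExePath` points at the installed opencode.exe (the default lookup via `Get-Command opencode.exe` is an assumption that may need adjusting for an npm install).

```powershell
# Added triage helper for this thread; not part of opencode or opencode-antigravity-auth.
# Assumes the built-in Defender module (Windows 10/11) and an elevated PowerShell session,
# which Get-MpThreatDetection needs in order to read detection history.
# $ExePath is an assumption: point it at the opencode.exe that npm installed for you.
param(
    [string]$ExePath = (Get-Command opencode.exe -ErrorAction SilentlyContinue).Source,
    [string]$ThreatPattern = '*Wacatac*'
)

# 1. What did Defender actually quarantine? Join threat names to detection records so the
#    flagged paths (the temp DLLs from the report) and the triggering process are visible.
$threatIds = (Get-MpThreat | Where-Object ThreatName -like $ThreatPattern).ThreatID
Get-MpThreatDetection |
    Where-Object { $threatIds -contains $_.ThreatID } |
    Select-Object InitialDetectionTime, ProcessName,
                  @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-List

# 2. Are the binaries signed, and what are their hashes? Unsigned, freshly written DLLs
#    with opaque names in %TEMP% are exactly the pattern an ML heuristic weights against.
$recentDlls = Get-ChildItem -Path $env:TEMP -Filter '*.dll' -File -Force |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-1) } |
    Select-Object -ExpandProperty FullName

$candidates = @($ExePath) + @($recentDlls) | Where-Object { $_ -and (Test-Path $_) }

$candidates | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_
    [pscustomobject]@{
        File      = $_
        Signature = $sig.Status                     # Valid, NotSigned, UnknownError, ...
        Signer    = $sig.SignerCertificate.Subject  # $null when NotSigned
        SHA256    = (Get-FileHash -Path $_ -Algorithm SHA256).Hash
    }
} | Format-Table -AutoSize -Wrap
```

Compare the SHA256 values against the checksums published for the release you installed: a matching hash with `NotSigned` means "unsigned but genuine", while a mismatch deserves a closer look before any Defender exclusion is added.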
This has been a recurring issue. I'd appreciate it if you could work with MS Defender team to resolve it. Thanks
I'll try to get code signing set up soon to avoid these false positives