Response from Microsoft regarding Windows Defender flagging SWL as a Trojan

Hi all, recently there has been concern regarding SWL being flagged as an Emotet trojan by Windows Defender. We submitted clientpatcher.exe to Microsoft for review and this is their response:

Text version:


Submission ID: [redacted]

Status: Completed

Submitted by: andyb (it’s my email)

Submitted: Feb 17, 2021 9:47:26 AM

User Opinion: Incorrect detection

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

  1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
  2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
  3. Run “MpCmdRun.exe -SignatureUpdate”

Alternatively, the latest definition is available for download here:

When in the command prompt (Start Menu ->search for “Command” → Right click and “Run as Administrator”) type cd “C:\Program Files\Windows Defender” to be taken to that directory

It looks like we should be in the clear. Please update your WD definitions and let us know if the issue persists. Thanks all, and we apologize for any undue concern or inconvenience.


Update Feb 20 2021

We’re seeing reports that Windows Defender is still flagging the DX11 client specifically. We’ve followed up with Microsoft and hope for a reply soon. Thanks everyone!

Microsoft has responded already and say they’ve cleared the DX11 client. Please update your WD definitions and try again.


DX11 Receipt:

For completeness’ sake, the base client receipt:


The reports we’ve seen today all seem to point towards the Steam version, so we’ve also submitted the Steam clients to Microsoft for review. We are awaiting a response.

We got a response back for the Steam version of SecretWorldLegendsDX11.exe:

Looks like the definitions file you want to make sure you have is at least 1.331.1487.0. Please let us know if the issue persists even after clearing your definitions cache and getting the latest.