Hi all, recently there has been concern regarding SWL being flagged as an Emotet trojan by Windows Defender. We submitted clientpatcher.exe to Microsoft for review and this is their response:

image1012×550 26.7 KB

Text version:

clientpatcher.exe

Submission ID: [redacted]

Status: Completed

Submitted by: andyb (it’s my email)

Submitted: Feb 17, 2021 9:47:26 AM

User Opinion: Incorrect detection

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
3. Run “MpCmdRun.exe -SignatureUpdate”

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions

When in the command prompt (Start Menu ->search for “Command” → Right click and “Run as Administrator”) type cd “C:\Program Files\Windows Defender” to be taken to that directory

image977×513 12.5 KB

It looks like we should be in the clear. Please update your WD definitions and let us know if the issue persists. Thanks all, and we apologize for any undue concern or inconvenience.

Update Feb 20 2021

We’re seeing reports that Windows Defender is still flagging the DX11 client specifically. We’ve followed up with Microsoft and hope for a reply soon. Thanks everyone!

Microsoft has responded already and say they’ve cleared the DX11 client. Please update your WD definitions and try again.

DX11 Receipt:

image941×553 26.8 KB

For completeness’ sake, the base client receipt:

image1138×570 30.1 KB

The reports we’ve seen today all seem to point towards the Steam version, so we’ve also submitted the Steam clients to Microsoft for review. We are awaiting a response.

We got a response back for the Steam version of SecretWorldLegendsDX11.exe:

image884×559 26.6 KB

image1065×46 3.82 KB

Looks like the definitions file you want to make sure you have is at least 1.331.1487.0. Please let us know if the issue persists even after clearing your definitions cache and getting the latest.