Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 update Topic is solved

Board for discussions around the Basilisk web browser.

Moderator: Basilisk-Dev

Pallid Planetoid
Knows the dark side
Posts: 4279
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 update

Unread post by Pallid Planetoid » 2023-09-19, 14:00

Posted here (as well) for better exposure.
Windows found and quarantined severe malware in the 2023.09.15 release involving the Basilisk "plugin-container.exe" file -- see linked topic: Basilisk 2023.09.15 Released! for details.

Threat quarantined by Windows 10 (at time of update):
malware threat updating Basilisk.png
Edited to correct misspelling of the reference to the "plugin-container.exe" above (removed typo "t" in "plugin-containter.exe").
Last edited by Pallid Planetoid on 2023-09-19, 15:06, edited 2 times in total.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD[20GB SSD]
Formerly user Pale Moon Rising - to provide context involving embedded reply threads.
Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers
Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

Night Wing
Knows the dark side
Posts: 5174
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Night Wing » 2023-09-19, 14:43

Since you state Windows found a trojan in a Basilisk update, I'm assuming you are talking about Windows Defender. Have you considered this might be a false positive?
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox


Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Pallid Planetoid » 2023-09-19, 14:55

Night Wing wrote (2023-09-19, 14:43):
"Since you state Windows found a trojan in a Basilisk update, I'm assuming you are talking about Windows Defender. Have you considered this might be a false positive?"

Of course I have considered the possibility of a "false" positive - I'm simply reporting my findings (a "false" positive is always a possibility).

As to how and when Windows quarantined the threat - it occurred while doing the current Basilisk update (hence did not involve a scan). Since it is Windows 10 Security that acted on this it would of course be the Microsoft Windows Defender presumably that is involved in the quarantine of the file. (I do not have any other Anti-Virus software on my Win10 machine, otherwise Windows Defender would have been turned off, if I did). It's worth noting that I've not had this occur on any previous Basilisk updates - so something unique has occurred this time (we would assume there is a reason for this to occur this time presumably).

There are probably ways to submit this file for further review.

These are the kind of questions I have (posted in linked topic) regarding this event (I'm certainly not going to assume anything either way as to whether it is legitimate or not) - and until I can determine the credibility of what Windows has done, I'll leave it the way Windows has addressed the issue.

One of my (several) questions was - leaving the executable file quarantined like it is ("plugin-container.exe") - how is Basilisk impacted? - I cannot see any visible issues using the browser as it is.

That is to say, I need advice as to what to "safely" do.... I'm assuming just because no one else has had this event occur does not necessarily mean it is not legitimate in my case - simply based on the fact that my machine would not likely be identical to any other machine as to how the executable could be regarded as a specific "threat" by my OS. (It's always better "safe" than "sorry" - so I'm not going to risk infecting my computer by simply drawing unfounded assumptions either way.)
Last edited by Pallid Planetoid on 2023-09-19, 15:17, edited 1 time in total.

Moonchild
Pale Moon guru
Posts: 35651
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Moonchild » 2023-09-19, 15:16

Pallid Planetoid wrote (2023-09-19, 14:55):
"That is to say, I need advice as to what to "safely" do..."

search.php?keywords=antivirus+plugin-container
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite


Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Pallid Planetoid » 2023-09-19, 15:31

Thanks for the link - but the search results (above) produced just one post which was over 6+ years old and all other posts were 9+ years old or older (not of very much value it would seem....).

When I get more time, I'll look into a way to submit the file to confirm whether the executable is an actual threat or not (with that said, I'm thinking a way of submitting "exe" files might be a bit more difficult to find).

Absent that, it appears Basilisk functions just fine without the "plugin-container.exe" file, hence perhaps (considering it is not a primary browser of mine anyway) maybe I'll simply see what happens as of the next Basilisk update.... :think:


Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Pallid Planetoid » 2023-09-20, 00:44

I've submitted a request to MS for an analysis of the executable file - further details here: viewtopic.php?f=61&t=30300&p=243519#p243519.


Re: Windows found/quarantined offending file containing severe "Trojan:Win32/Wacatac.B!ml" malware in the 2023.09.15 upd

Unread post by Pallid Planetoid » 2023-09-20, 14:15

Final analysis determination from MS posted: viewtopic.php?f=61&t=30300&p=243554#p243554.