Users of LG gram laptops have encountered an urgent issue with the LG Update software. After the update file is downloaded from the specified location, Windows Defender quickly detects it as a severe threat, specifically Trojan:Win32/Wacatac.B!ml, a very common detection name that turns up on many computers.
Users who have been affected have reported experiencing the same issue. When Windows Defender detects a potentially harmful file, it takes immediate action by deleting the file and notifying users with a “Severe Threat Blocked” notification.
Trojan:Win32/Wacatac.B!ml is just one of the many detection names that Microsoft uses for smaller malware groups. Many types of malicious software have been given this name because they share identical code and similar functionality.
There are several entries in the Defender history logs that show the threat being detected and removed multiple times.
Here are the log details encountered by users:
- Detected Threat: Trojan:Win32/Wacatac.B!ml
- Status: Removed
- Date: X/XX/2024 X:XX PM
- Details: This program is dangerous and executes commands from an attacker.
- Affected Items: File: C:\Program Files (x86)\LG Software\LG Update\Users\XXXXXXXXX\17XXXX.cab
Based on our initial investigation, it appears that the file is linked to the LG Update & Recovery application. The file name, 17XXXX.cab, is associated with the laptop model number, which can differ among various LG models.
There are some concerns regarding the sudden detection by Windows Defender. It is possible that a recent update may have included a new detection rule for this file, causing it to be mistakenly flagged as a threat.
Another possibility is that the latest LG Update could have a compromised file or script, which triggered the alert.
Some users have noticed that the threat is blocked only when the system is starting up, indicating that the file's activity is detected at an early stage of the startup process.
Upon reviewing the Defender history, it becomes evident that there are numerous entries for the same threat, suggesting a recurring problem with this particular file.
How do I fix this issue?
Given that the update is from a reputable electronics company, it is reasonable to consider it a false positive. To address the issue of Windows Defender's frequent detections, we have outlined two simple solutions.
You can temporarily halt the LG update app until Microsoft resolves the problem. Alternatively, you can manually add the update file to the whitelist in Windows Defender.
1. Whitelist the Update File in Windows Defender
Here are the steps to prevent Defender from removing the detected file and allow the computer to proceed with the update:
1. Find and open the Windows Security panel via Settings.
2. Go to the Virus & threat protection page.
3. Click on Manage settings under Virus & threat protection settings.
4. Scroll down and click on Add or remove exclusions.
5. Add the detected file to the exclusion list by entering its path, as in the example below.
- C:\Program Files (x86)\LG Software\LG Update\Users\XXXXXX\17XXXX.cab
Once that's done, Windows Defender will no longer detect the file, allowing the system to proceed with the update smoothly. If this does not work, you have the option to delete the LG update software as an alternative for now.
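The same exclusion can be applied from an elevated PowerShell prompt, with a check that speaks to the compromised-file possibility raised earlier: the script lists Defender's recorded detections, then excludes only the single .cab file and only if its Authenticode signature is valid. This is an added example, not code from LG or Microsoft; the path keeps the placeholders from the log above, and the expected signer string and the premise that the .cab is signed are assumptions.

```powershell
# Added example. Run as Administrator.
# $CabPath is a placeholder: substitute the exact path from your Defender history.
# $ExpectedSigner is an assumption: set it to the publisher you expect to see.
param(
    [string]$CabPath        = 'C:\Program Files (x86)\LG Software\LG Update\Users\XXXXXX\17XXXX.cab',
    [string]$ExpectedSigner = 'LG Electronics'
)

# 1. Show what Defender recorded for this detection name.
$threat = Get-MpThreat | Where-Object { $_.ThreatName -eq 'Trojan:Win32/Wacatac.B!ml' }
if ($threat) {
    Get-MpThreatDetection |
        Where-Object { $_.ThreatID -in $threat.ThreatID } |
        Select-Object InitialDetectionTime, ProcessName, Resources |
        Format-List
}

# 2. Defender may already have removed the file; nothing to verify in that case.
if (-not (Test-Path -LiteralPath $CabPath)) {
    Write-Warning "File not found: $CabPath. Let LG Update fetch it again, then re-run."
    return
}

# 3. Record the hash (for comparison with other affected users or a vendor statement)
#    and check the digital signature before trusting the file.
$hash = Get-FileHash -LiteralPath $CabPath -Algorithm SHA256
$sig  = Get-AuthenticodeSignature -LiteralPath $CabPath
Write-Output "SHA256   : $($hash.Hash)"
Write-Output "Signature: $($sig.Status)"
Write-Output "Signer   : $($sig.SignerCertificate.Subject)"

if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    Write-Warning 'Signature missing, invalid, or from an unexpected signer. No exclusion added.'
    return
}

# 4. Exclude this one file only, never the whole LG Software folder.
Add-MpPreference -ExclusionPath $CabPath
Write-Output 'Current exclusions:'
(Get-MpPreference).ExclusionPath

# Once the detection is corrected, remove the exclusion again:
#   Remove-MpPreference -ExclusionPath $CabPath
```

If the script refuses to add the exclusion, the second option below (removing the app for now) avoids trusting an unverified file.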
2. Delete the LG Update & Recovery App
Removing the app is a simple way to stop the bothersome alerts that occur every few minutes.
The LG update app is responsible for downloading the detected file, so deleting the app will prevent the file from being downloaded again after Windows Defender removes it. This will break the repetitive cycle and put an end to the issue.
1. Open the Control Panel.
2. Select Programs and Features.
3. Find LG Update & Recovery in the list of installed apps.
4. Right-click and select Uninstall.
So that your computer does not miss future updates, it is advisable to reinstall the app once LG and Windows Defender have resolved the issue with the detected file.
False positives are a common problem that antivirus vendors frequently address promptly upon receiving user reports.
It seems that in this situation, the detection of an update file for a system update could potentially cause a repetitive cycle of alerts.
This occurs because the LG app continues to download the file even after Defender removes it, as the app detects that the update file is missing.