Malware/Lumma Flagging - Patch ID 338092 #3302
Replies: 3 comments
-
Worse yet, now Windows Defender is automatically quarantining it globally. Basically, it's toast now until the developer fixes it (again). Glad he's at least letting us post about this, instead of banning all discussion like last summer.
-
You can also set Windows Defender to exclude the following:
Future updates to EP won't be flagged then. You can also set Windows Defender to exclude the directory that you manually download EP to, so you can install it without Windows Defender blocking it.
-
Microsoft's minds have changed. They flagged some past versions of EP as "HackTool ExplorerPatcher" just because they don't like it, and that caused other antiviruses to follow suit. It's been like that ever since the push of security was announced by the CEO. Behavior-wise, EP has been doing the same things; we did not add new stuff that would otherwise be definitely flagged as real malware. The 65.1 release and 65.5 prerelease are not flagged by Defender, therefore they are safe to download, for now.
-
Unfortunate to say, the patch ID (338092) is being flagged as malware via Carbon Black and other tools. Uncertain what has changed, but not great, as it's now showing a Lumma Stealer included.
Be careful in updating to the patch ID mentioned, given the entry of malware into this now!
Edit: This has NEVER flagged before, in the multiple months/year(s) of use.
https://socradar.io/malware-analysis-lummac2-stealer/