Hi, we're aware that a recent update of Windows Defender malware signatures is triggering false positive detections on Odoo installers. It can report "Trojan:Win32/Wacatac.H!ml", "Trojan:Win32/AgentTesla!ml", "Trojan:Win32/Casdet!rfn" or "TrojanSpy:Aicat.A!ml", and perhaps others.
It seems to affect even very old builds from several years ago, indicating that it's really flagging something related to our win32 packaging technology, and not something that we changed recently.
You can easily verify that our installers aren't bundling malware by scanning them on the industry reference VirusTotal, where they will be verified by dozens of anti-malware solutions, and shown to be clean.
E.g. here is the link for the scan of the Odoo 16 Community installer of March 20, 2023:
https://www.virustotal.com/gui/file/7c9aa224093c4ee6249261ac75875d9b8459e82316c99ec50066c4c415e52737
You can upload the file directly on VirusTotal or just search for the SHA1 or SHA256 hash of the file.
We're investigating this issue with Microsoft, but this is a slow process, and we have received several answers stating that "it's all clean, please update your Defender signatures". But it doesn't seem to be working yet.
For what it's worth, here are the instructions that Microsoft provides for updating the malware signatures:
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"
And here is the website where you can submit files to Microsoft in order to report a false positive detection: https://www.microsoft.com/en-us/wdsi/filesubmission
Update: It also appears that Microsoft Edge will show a warning page when accessing our download page at https://nightly.odoo.com or https://download.odoo.com stating that "This site has been reported as unsafe". This is likely to be caused by the false positive related to our installers, and can normally be bypassed using the "More information" section of the page, where you can choose to Report that this site is safe (which you can do to help correct the false positive) and to Disregard the warning and continue.
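The hash lookup and the signature update steps described above can be combined into one check. This is an added example, not a script from Odoo or Microsoft. It assumes an elevated PowerShell session, the default Defender install path, and an installer path that you supply; the file-scan step and its exit codes are not part of the original instructions.

```powershell
# Added example: hash the installer, refresh Defender signatures, then rescan the file.
param(
    # Assumed: path of the installer you downloaded; supply your own.
    [Parameter(Mandatory)][string]$InstallerPath
)

$mpCmd = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
if (-not (Test-Path -LiteralPath $InstallerPath)) { throw "Installer not found: $InstallerPath" }
if (-not (Test-Path -LiteralPath $mpCmd))         { throw "MpCmdRun.exe not found: $mpCmd" }
$fullPath = (Resolve-Path -LiteralPath $InstallerPath).Path

# 1. Hash the file so it can be looked up on VirusTotal without uploading it.
$sha256 = (Get-FileHash -LiteralPath $fullPath -Algorithm SHA256).Hash.ToLower()
$sha1   = (Get-FileHash -LiteralPath $fullPath -Algorithm SHA1).Hash.ToLower()
"SHA256: $sha256"
"SHA1:   $sha1"
"Lookup: https://www.virustotal.com/gui/file/$sha256"

# 2. Record the signature version, then apply the two update steps from the post.
$before = (Get-MpComputerStatus).AntivirusSignatureVersion
& $mpCmd -removedefinitions -dynamicsignatures
& $mpCmd -SignatureUpdate
if ($LASTEXITCODE -ne 0) { Write-Warning "Signature update returned exit code $LASTEXITCODE" }
$after = (Get-MpComputerStatus).AntivirusSignatureVersion
"Signatures: $before -> $after"

# 3. Rescan only this file (ScanType 3 = custom scan) without quarantining it.
#    MpCmdRun documents exit code 0 for no threats and 2 for threats found.
& $mpCmd -Scan -ScanType 3 -File $fullPath -DisableRemediation
switch ($LASTEXITCODE) {
    0       { "Defender does not flag this file with the current signatures." }
    2       { "Still detected. Report it at https://www.microsoft.com/en-us/wdsi/filesubmission" }
    default { "Scan ended with exit code $LASTEXITCODE" }
}
```

Compare the printed SHA256 with the hash shown on the VirusTotal report for the same build before trusting the result; a mismatch means the file is not the one that was scanned there.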
