(not anymore) Windows Defender Sucks… sometimes.

(Edit: this blog post is out of date. There are no more false positive problems with naBoota.)

I guess Windows Defender just doesn’t like me. Because now, it detects one of the system files of naBoota as a Trojan, and it also classifies it as a SEVERE SECURITY THREAT.


When you press Begin in naBoota, Windows Defender will quickly remove a file called “nabootaDiskpart.exe”, and the program will softlock, meaning the loading bar will never go away. This exe file is required to format the USB drive in order to extract the iso (or whatever) image into it. I guess AV heuristics are just this strict.

Not just that, but clicking “Restore” or “Allow on this device” will do nothing, as it will quickly pick it up again. So to use naBoota, you first need to disable Windows Defender.

Here are the VirusTotal results for that file. You can see a lot of the big AV engines mark it as ‘clean’.

I have just sent it to Microsoft for them to analyse the file further, but it will probably take a couple millennia for them to do so.

This is also the reason for the delay of naBoota’s Microsoft Store release.

Thanks for being patient and understanding.

(20 June 20: this blog post was hidden almost since I first wrote it, but now I have decided to republish it. It also used to say “almost all of the trustworthy AV engines mark it as ‘clean’.”, which, looking back, was a bit of a bitter thing to say, so I have updated it.)