Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

False Detection from Defender is affecting our end users and ruining our company

Copper Contributor

Hello, is our company's product.


Its a legit VPN software and its being detected as: TrojanProxy:Win32/Acapaladat!MSR 

by Windows defender / End Point. Almost all the files including the installer from PaladinVPN is falsely detected by Defender.


1. All our files are 100% clean and EV code signed with digital cert.


2. On both of our official website and software, and also during installation of PaladinVPN, we clearly mentioned that how PaladinVPN operates, and ALL the PaladinVPN users agreed and have their consent and knowledge with PaladinVPN will use their internet connection in exchange for free using the PaladinVPN service. Its 100% White and Clean, there's no force/silent installation, there is nothing trojan or malware.


We submited 3 times to defender for false positive:

first time Submission id:  a6bf1297-e2d8-44d5-9a00-73d905709591 

an Analyst replied, saying its a false positive and will remove. but they never did.


second time Submission id :  a7cce085-8a6c-455c-bc9a-cb75bf0629ea 

an Analyst replied, saying its confirmed to be a malware, and the detection will remain in place..


Third time no response any more....


Please help us escalate this urgently, as it has affected to our end users, and its ruining our company's reputation. We have tried everything we can do.  Thanks in advance.



9 Replies
Have you tried adding in AV exclusions and\or creating an alerting rule to ignore alerts for the said application?



Sorry, Did you really read my post?  Defender falsely flaged our company's software as Trojan,   removing the fasely detection its the only solution to our end users!

Yes, I did read the post. I was suggesting alternatives since you posted the question here. That is what this forum is for. Not for escalations. I have been in similar situations and either you wait for MS to take action or escalate through the right channels.
If my mom were trying to install this VPN, I would be very glad Defender is blocking it. Letting someone use an Internet connection for unknown purposes opens a whole slew of legal and EULA problems for your 'customers'. I don't think there is a solution to this problem since it is a flaw in your basic business model.

Hello jbmartin6,

We strictly prohibit any unauthorized use of our users' internet connections. Similarly, BrightVPN, Hola, UrbanVPN and numerous others operate under a similar business model, consistently passing scrutiny by Defender. Thus we are wondering why we get singled out.

In addition, we are more than willing to collaborate with law enforcement authorities in the event of any unlawful activities being carried out.

@PaladinVPN it just seems you haven't already submitted your application files via 'WDSI Submit a file' public web page, by using the specific [ Software developer ] button that is meant for 'Software providers wanting to validate detection of their products' and obviously after reading the official 'submission guidelines', right ? 0;-)

HTHed too, and if it really did, then please feel also very free to mark this post as a solution... Thx in advance  :suprised: :happyface: 

@PaladinVPN , of course is a virus or explain why your website doesnt exist anymore


if your app is not suspicious why it's communication with survey-smiles_com, I installed paladinvpn and infected my PC with 9 Trojans, I found one of them trying to communicate with "survey-smiles_com" and I had have to reset my PC.

@PaladinVPN Well considering that I have uninstalled PaladinVPN ages ago and Trojan warnings still pop up in my computer till this day, it really seems like malware...