This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 76%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELF%3C/text%3E%3C/svg%3E)
Dear Microsoft,
I am reaching out to request further investigation into a recent severe Trojan detection on our system:
Threat Details:
Category: Trojan
Severity: Severe
Detected At: 2025-08-04 10:57:45
Quarantined At: 2025-08-04 10:57:51
Detected File: C:\Program Files\WinRAR\Default.SFX
Process User: NT AUTHORITY\SYSTEM
Detection Source: System
The file was last modified on 2025-07-30 11:50:35, and the detection occurred shortly after using the following command to update WinRAR:
powershel
We would appreciate your assistance in determining whether:
The malicious file was introduced during the update via winget, or
The trojan is embedded in the latest official WinRAR release itself.
Given the nature of the detection and its association with a legitimate application, we would like to avoid false positives or potential supply chain compromises. If needed, we can provide the quarantined file and relevant logs.
Thank you in advance for your support and analysis.Dear Huntress,
I am reaching out to request further investigation into a recent severe Trojan detection on our system:
Threat Details:
Name: Trojan:Win32/Egairtigado!rfn
Category: Trojan
Severity: Severe
Detected At: 2025-08-04 10:57:45
Quarantined At: 2025-08-04 10:57:51
Detected File: C:\Program Files\WinRAR\Default.SFX
Process User: NT AUTHORITY\SYSTEM
Detection Source: System
The file was last modified on 2025-07-30 11:50:35, and the detection occurred shortly after using the following command to update WinRAR:
powershel
We would appreciate your assistance in determining whether:
The malicious file was introduced during the update via winget, or
The trojan is embedded in the latest official WinRAR release itself.
Given the nature of the detection and its association with a legitimate application, we would like to avoid false positives or potential supply chain compromises. If needed, we can provide the quarantined file and relevant logs.
Thank you in advance for your support and analysis.
Did you try to check on virus total if is a real positive?
its on virus total but it keeps not clear. what i can find is there was a bug/leak that has being patched in the latest winrar build now. https://www.tomshardware.com/software/winrar-exploit-enables-attackers-to-run-malicious-code-on-your-pc-critical-vulnerability-patched-in-latest-beta-update
Defender is preventing but the prevent happens within the update so thats why im not trusting it direct if everything is good now as it works trough the default.sfx file.
Please submit the quarantined Default.SFX to the Microsoft Security Intelligence portal: https://www.microsoft.com/wdsi/filesubmission That will allow our analysts to validate if this is a confirmed trojan or a false positive.
😊 If my answer helped you resolve your issue, please consider marking it as the correct answer. This helps others in the community find solutions more easily. Thanks!