Cause :
Trojan:Script/Wacatac.H!ml virus detected
Update : DxO Support resolved by declaring the detection by Defender to be a false positive.
1 Like
Firstly, before doing anything else, run a scan of your system using Windows Defender and do a clean up.
Reports indicate this is a virus and has been packaged into free apps as well as using in software crackers - not suggesting that is what you have done with NIK btw! (see Windows Defender Trojan:Script/Wacatac.H!ml keeps popping - Microsoft Community)
Once that has been done, download a fresh install copy of NIK from the DxO site and try installing again.
If it persists, you may need other tools besides WD to remove it.
The message only pops up during installation of Nik software, which is blocked by Defender.
Total scan done on my PC by the same Windows Defender in boot mode (offline) des not detect a threat.
The article I quoted does say the malware is a lurker and can bury itself in many places. Perhaps NIK is ‘waking it up’ from one of those places when you run the install?
Windows Defender is ok, but it isn’t the best. I would try a 3rd party software and try that in boot mode.
Same here, MS Defender Windows 11 22H2 blocks Installation new Update Nik Colektion 5:
Trojan:Win32/Casdet!rfn
Dieses Programm ist gefährlich. Es führt Befehle eines Angreifers aus.
C:\ProgramData\Package Cache.unverified\NikCollection.msi
My PC is clean.
2 Likes
Whereas my opinion is that it is an excellent capable AV. I’ve used it since forever and have never had any problems with malware of any type.
Whereas I can’t recommend Malwarebytes. I have a copy of the full / premium version that I got for free via my bank. I used it for a few months and then gave up on it. It is slow to load and seems to add an overhead to my system compared to Microsoft Defender.
Make of that what you will 
Yes, maybe … but I wasn’t proposing it as a permanent solution - - It does a very good job at finding virus nasties … It’s a great tool for trouble-shooting issues such as the one reported.
Heya people. To clear this out I did a fresh instalattion of the windows on a virtual machine (and totally isolated from the host in a separate pc) and in a fresh installation the windows defender also popped up a trojan alert!!
In my case was the Win32/Casdet!rfn.
Anyone know anything about it?
Going to probably take this to support… no real excuse on a fresh install of windows or at least no excuse of the form of pre-existing virus.
Cheers!
3 Likes
In that case it sounds like Windows Defender is miss identifying part of the installer as a virus.
That means the DxO team need to deal with MS to sort it out
1 Like
Same problem. Luckily I have the installer exe from a previous version 5 which is installing without any problems.
2 Likes
It could be a real or a false positive – caution is advisable until issue is resolved by DxO support.
1 Like
It also means that DxO did not test installing Nik Collection on Windows when Windows Defender is active ! … this is a cause for concern.
2 Likes
Update : DxO Support resolved by declaring the detection to be a false positive by Defender.
1 Like
The update is still blocked for me, Defender Signature is up to date.
You have to momentarily disable Defender during the installation. You can also switch to another Antivirus such as Avast
Same problem with Win32/casdet!rfn .
I have the same problem with it being identified as containing Casdet trojan. Maybe Windows Security is identifiying as a false positive bit I’m a bit wary of turning off real time protection to install.
I’d consider the matter as resolved only once DXO have a fix to stop it happening.
1 Like
Same thing with me, Defender sends the file to quarantine… (v5.6.0)
Has NOTHING to do with possible viruses on the system, my system (Win11) is clean!
Is there a statement from DxO?
Defender is still blocking NIk software installation, DXO SHOULD resolve it quickly.
1 Like