Analysis and Description of Win32/Softcnapp Detection


PUA:Win32/Softcnapp is a generic detection name used by Microsoft Defender to identify unwanted programs. It can occasionally trigger false positive detections on legitimate applications, such as the desktop Viber client, NZXT Cam app, and others. However, is it truly hazardous? Let’s delve into that question.


PUA:Win32/Softcnapp is a detection name used by Microsoft Defender to identify unwanted programs. Typically, it refers to a program that has genuine functionality but also has certain issues that render it unwanted. These issues could include built-in promotions within the app’s interface or offers of additional software. However, Microsoft does not disclose the precise criteria behind its detections, leaving analysts to formulate hypotheses.

PUA:Win32/Softcnapp detection

Unwanted programs are often applications with genuine functionality, but certain aspects may raise concerns. These can include excessive telemetry and advertisements, bundled software installations, and intrusions into other programs’ files. While not necessarily critical, these factors can detract from the user experience and may prompt the Softcnapp detection to alert users.

On March 10, 2024, numerous user complaints surfaced reporting that Microsoft Defender had begun detecting the desktop Viber messenger client as PUA:Win32/Softcnapp. This detection coincided with a recent upgrade to the messenger client’s installer, leading to suspicion regarding certain functionalities of the upgrade.

While the program is legitimate, a few aspects raised doubts about the detection’s accuracy. Extensive analysis across various machines revealed that Viber’s behavior is not entirely ideal or legitimate. Specifically, the program now offers to install a VPN service without explaining why it is needed. Additionally, some frameworks used in the app are inaccurately listed, albeit to a lesser extent. Overall, these factors do not seem to be the sole reason for the Defender detection.

Several other legitimate programs, such as Miro, NZXT CAM, and even AnyDesk, are known to be detected under the PUA:Win32/Softcnapp name. Despite their legitimacy, Microsoft Defender often flags them, leading to complaints about false positives.


To remove the Softcnapp detection, you can try the following steps:

  1. Update Definitions: Make sure your antivirus definitions are up to date. Sometimes, false positives are corrected in later updates.
  2. Quarantine or Remove: If you believe the detection is a false positive, you can try to quarantine or remove the flagged file or program. However, be cautious and ensure that the file or program is indeed safe before taking this step.
  3. Submit for Analysis: If you are confident that the detection is a false positive, you can submit the file or program to the antivirus vendor for analysis. They may be able to confirm the false positive and update their detection rules accordingly.
  4. Exclude from Scans: If you continue to encounter false positives for a particular file or program, you can exclude it from future scans. Most antivirus software allows you to add exceptions or exclusions for specific files or folders.
  5. Use an Alternative Antivirus: If you are unable to resolve the issue with Microsoft Defender, you may consider using an alternative antivirus program that does not flag the file or program as a threat.
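
The steps above can be backed by evidence before anything is excluded. The following PowerShell script is an added example, not part of the original article: it updates definitions, lists the files behind matching detections, and checks each file's hash and Authenticode signature. The variables `$NamePattern`, `$ExpectedPublisher` and `$ApplyExclusion` are assumptions, and the publisher value is a placeholder to fill in.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Assumptions: $NamePattern, $ExpectedPublisher and $ApplyExclusion are illustrative names.
$NamePattern       = '*Softcnapp*'
$ExpectedPublisher = 'PLACEHOLDER PUBLISHER NAME'  # signer you expect for the flagged app
$ApplyExclusion    = $false                        # set to $true only after reviewing the report

# Step 1: refresh definitions, since false positives are sometimes corrected in later updates.
Update-MpSignature

# Collect the IDs of every known threat whose name matches the pattern.
$ids = @(Get-MpThreat | Where-Object { $_.ThreatName -like $NamePattern } |
         Select-Object -ExpandProperty ThreatID)

$report = foreach ($det in (Get-MpThreatDetection | Where-Object { $ids -contains $_.ThreatID })) {
    foreach ($res in $det.Resources) {
        # Resources are strings such as "file:_C:\path\app.exe"; ignore other kinds.
        if ($res -notmatch '^file:_(.+)$') { continue }
        $path = $Matches[1]
        $row  = [ordered]@{
            Detected = $det.InitialDetectionTime; Path = $path
            OnDisk   = Test-Path -LiteralPath $path -PathType Leaf
            Sha256   = $null; SigStatus = 'n/a'; Signer = $null; Trusted = $false
        }
        if ($row.OnDisk) {   # a quarantined or removed file is no longer at its path
            $sig           = Get-AuthenticodeSignature -LiteralPath $path
            $row.Sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $row.SigStatus = [string]$sig.Status
            $row.Signer    = $sig.SignerCertificate.Subject
            # Trust only an intact signature from the publisher you expect.
            $row.Trusted   = ($sig.Status -eq 'Valid') -and
                             ($row.Signer -like "*$ExpectedPublisher*")
        }
        [pscustomobject]$row
    }
}
$report | Sort-Object Path -Unique | Format-List

# Step 4, gated: exclude single files that passed the signature check, never whole folders.
foreach ($item in ($report | Where-Object Trusted | Sort-Object Path -Unique)) {
    if ($ApplyExclusion) { Add-MpPreference -ExclusionPath $item.Path }
    else { Write-Host "Would exclude: $($item.Path)" }
}
```

The SHA-256 value in the report can be compared against a hash published by the software vendor and included when submitting the file for analysis (step 3).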


By | 2024-03-19T03:11:16+05:30 March 11th, 2024|Internet Security, Microsoft, Security Advisory, Security Update, Tips|

About the Author:

FirstHackersNews- Identifies Security
