
Installing ColourSpace - False Positive Warnings

 
Author Steve

INF
Male
#1 | Posted: 22 Oct 2021 15:11 
Before installing ColourSpace make sure Microsoft Defender is updated to the latest Security Intelligence version, as all ColourSpace releases are verified with the latest Win11 Defender version before release, and Microsoft now makes any necessary changes to Defender to prevent False Positives with ColourSpace before we make a release!

As it is possible that later Defender updates reintroduce False Positives, we now list the actual Defender release that was the latest, and tested, version at the time of the ColourSpace update being released within the ColourSpace Updates page.

Note: Light Illusion DOES NOT recommend using any 3rd party Antivirus programs.

However, as the Installation Notes say, False Positives may still happen, as ColourSpace is both obfuscated and packed.

If using any third-party AV Software and a false positive is shown, please inform the AV Software manufacturer of the False Positive, as they can then improve their virus detection accuracy.

www.virustotal.com can be used to see which Anti-Virus systems generate False Positives with ColourSpace.
For any genuine virus, virtually all Anti-Virus suppliers listed will show a positive result.
Results with just a small percentage of the Anti-Virus suppliers showing a positive show they are False Positives.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#2 | Posted: 30 Dec 2024 12:58 
For information, here are some common False Positives that have been incorrectly flagged by Defender:

  • Caypnamer.A!ml
  • Etset!rfn
  • Packunwan
  • Puwaders.C!ml
  • Sabsik.FL.A!ml
  • Softcnapp
  • Vigorf.A
  • Wacapew.C!ml
  • Wacatac.B!ml
  • Yomal!rfn

Often preceded by the term PUA, which stands for 'Potentially Unwanted Program' and is a catch-all for when poor anti-virus doesn't understand what it has scanned, although the term Trojan is also often found.
All are False Positives.

Steve
Steve Shaw
Mob Boss at Light Illusion

Author Steve

INF
Male
#3 | Posted: 31 Dec 2024 12:30 
For Microsoft Defender, if a False Positive is encountered please submit ColourSpace to Microsoft stating the False Positive detected.

https://www.microsoft.com/en-us/wdsi/filesubmission
And select Home User

For the question 'What do you believe this file is?'
Click either 'Incorrectly detected as malware/malicious' or 'Incorrectly detected as PUA (potentially unwanted application)' depending on the False Positive you have encountered.
And add information on the False Positive file name encountered.

For alternative AV software see: https://docs.virustotal.com/docs/false-positive-contacts

Steve
Steve Shaw
Mob Boss at Light Illusion
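
The checks described in posts #1 and #3, as an added PowerShell example that is not part of the original posts and is not Light Illusion's code: it compares the installed Defender Security Intelligence version with the tested version and lists the exact detection names to quote in a submission. The tested version value and the `ColourSpace` match text are placeholders and assumptions to replace with your own values.

```powershell
# Added example. Run on Windows 10/11; an elevated session may be required.
# ASSUMPTIONS (placeholders, replace with your own values):
$TestedVersion = [version]'0.0.0.0'   # placeholder: version listed on the ColourSpace Updates page
$MatchText     = 'ColourSpace'        # assumed substring of the installer name / install path

# 1. Compare the installed Security Intelligence version with the tested one.
$status    = Get-MpComputerStatus
$installed = [version]$status.AntivirusSignatureVersion
"Installed Security Intelligence: $installed (updated $($status.AntivirusSignatureLastUpdated))"

if ($installed -lt $TestedVersion) {
    'Older than the tested version; updating Defender definitions...'
    Update-MpSignature
}
elseif ($installed -gt $TestedVersion) {
    'Newer than the tested version; a detection seen now may come from a later Defender update.'
}
else {
    'Matches the tested version.'
}

# 2. Build a ThreatID -> ThreatName lookup so detections can be reported by name.
$names = @{}
Get-MpThreat | ForEach-Object { $names[$_.ThreatID] = $_.ThreatName }

# 3. List only the detections whose affected resources mention the match text.
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ';') -match [regex]::Escape($MatchText) } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $names[$_.ThreatID]
            Resources = $_.Resources -join '; '
        }
    } |
    Format-List
```

The `Threat` and `Resources` values in the output are the detection name and file name that post #3 asks to include in the submission.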

Author Steve

INF
Male
#4 | Posted: 27 Jan 2025 10:56 
To avoid any False Positives at all it is possible to Whitelist the necessary folders to prevent Defender scanning them, such as the download folder, as well as the actual installed .exe location.
For example:

Whitelist

The File location is where ColourSpace is installed.
The Folder location is where ColourSpace is downloaded to.

Steve
Steve Shaw
Mob Boss at Light Illusion


This topic is closed. New replies are not allowed.

 

 