FORScan forum

Thank you for your response. I was trying a beta version of WIndows 11 which was giving me all the virus and trojan warnings. I rolled back to Windows 10 and Forscan installed and ran without any problems.

FORscan Quarantine File?

Fixing some issues on my laptop. I use a good reliable security software. Scans daily and real-time.

Noticed security program quarantine folder had one file since last deleted files from this folder. Do not recall when I last cleared folder. But recently have renewed/updated my Windows FORscan program on my laptop.

There is one file that has been quarantined recently. Actually, a week ago. Which is about when I updated.

Do you recognize this file?

Drop.Win32.ML.2115

It is associated with the FORscan.exe application file.

Blue

Windows 11 -Ver 22H2

Today I encountered a very irritating & potentially disastrous issue with Windows Security that all FORScan users on Windows NEED to be aware of!!! - I may need to make a fresh thread about this or notify a Mod/Admin (after I make this post)

Details are below (I apologize for not taking screenshots!) along with the fix I've applied:

My Setup:
FORScan for Windows v2.4.19 Beta
Windows 11 Home x64
OBDLink EX (adapter/cable)

After running Windows Update & Updated the Windows Security Protection installing the latest Windows Security Updates tonight, I rebooted and I received an error message that roughly said:

Windows Security has detected a threat. Click here to view more details or Dismiss.

I originally Dismissed the notification and noticed my icon for the FORScan Beta was gone.

I went back into Windows Security and checked the details of the latest found threats and seen:

Windows Security has detected: Trojan.Win32/Wacatac.B!ml
Status: Quarantined

Defender Showed 2 Entries in the Log when I opened it (Windows Defender is separate but basically partially integrated with Windows Security);
1.) Trojan.Win32/Wacatac.B!ml Detected & Quarantined.
2.) Trojan.Win32/Wacatac.B!ml Threat Removed.

I then discovered FORScan.Exe was missing from the FORScan Directory in the Program Files Directory where it's installed to & executed from, and my Desktop & Taskbar - but all the other files in the Folder seem to be mostly untouched, EXCEPT the program executable is GONE completely so it's impossible to open FORScan suddenly.

I reinstalled the Beta v2.4.19 that I have been using, and I instantly receive the same error after it completed the installation and I shows all the same information as I described above, all over again. The icon was immediately gone, and the .Exe file was missing again. I uninstalled and reinstalled the Beta and this issue repeated each time.

FOR REFERENCE: When I originally installed FORScan, I immediately had to add FORScan to the list of exceptions for Controlled Folder Access in Windows Security because every time it tried to update the system registry or memory upon opening or on system startup, it was being blocked as an untrusted application. After it was added as an exception, that issue was resolved - and I haven't had any issues with FORScan, until today.

APPLY THIS FIX TO PREVENT THIS ISSUE (if it hasn't already occurred) OR FIX THIS PROBLEM (if you're experiencing it) ---
1. Open Windows Security
2. Go to "Virus & Threat Protection"
3. Under the "Virus & Threat Protection Settings", Click "Manage Settings"
4. Scroll Down to bottom for "Exclusions" and Click "Add or Remove Exclusions"
5. Click "+ Add an Exclusion" Select "File" and navigate to your FORScan installation Directory (default: C:\Program Files (x86)\FORScan\FORScan.exe)
6. To be extra sure there aren't any future Windows Security issues with files from the FORScan installation Directory:
Add another Exclusion (Step 5.) but Select "Folder" this time and (C:\Program Files (x86)\FORScan) (OPTIONAL - but I did just to be cautious)

THE WHOLE REASON I SAY THIS IS POTENTIALLY DISASTROUS is because when I finally got FORScan reinstalled, by applying the fix above, ALL THE VEHICLE PROFILES WERE GONE/DELETED. This may not be the same for everyone, but I have uninstalled and reinstalled FORScan multiple times and my license always sticks and automatically registers, along with all of my profiles staying in the system without importing them. THIS TIME, I suspect due to Windows Security/Defender being involved, it erased more than just the .Exe and wiped some crucial application data with it!!

Only because I had my profiles backed up, was I able to recover them. But this could be a HUGE problem for some of you that keep many profiles in your system, and losing your original data that you may have stored as a backup not a good thing for anybody.

I know that the file has been submitted to Microsoft years ago to be removed from the malicious file list, but New versions/beta's may register as a different/similar threat in their database and cause this issue again. The Beta may need to be submitted again, in addition to the current regular paid full version.

I hope this helps and saves people from losing data and going through unnecessary headaches/migraines due to Microsoft's short comings!

I wrote about this 5 years ago, because how dare you change the car’s configuration and update modules while Windows closes FORScan in the middle of the process. I recommend add all the files in the list of issued items, not just forscan.exe. Those files are located in the Documents folder and in your main drive at C:\Users\userNAME\AppData\Roaming\FORScan.

Windows Defender detects threat in FORScan v2.3.68

I have the same problem. Suddenly, the "for scan" tells me my laptop has a different hardware ID, which is impossible. Nothing has been changed on the laptop; at most, an update was recently installed. Has Windows messed everything up again with all its security crap, as usual? Has anyone found a solution yet or can anyone help me with what I can do now? Maybe I should just uninstall Windows and download Linux, haha.

Same issue, after update to 2.3.68

defender reports threat : PUA:Win32/Packunwan

Allowing this threat will allow Forscan to operate normally, Does Admin need to submit details to MS again ?

Windows Defender flags the latest FORScan release (v2.3.68) as a Potentially Unwanted Application (PUA:Win32/Packunwan) — whatever that means. We have already submitted a false positive report to Microsoft twice, with no luck. This is strange because it used to work fine. It now seems these reports are checked by an AI instead of a human engineer, which makes the process futile. It appears we will have to change the binary and license the 3rd-party protector we currently use, as it has been unsupported for years and we're unable to modify it.

PUA:Win32 Packunwan is classified as a Potentially Unwanted Application (PUA). It is a type of malware that can embed itself within systems, often bundled with legitimate software. Its main functions include tracking user behavior, displaying unauthorized ads, or creating vulnerabilities for further threats.

Common signs that your system may be infected include:

Unexpected pop-up ads
Slower system performance
Unrecognized software installations
Altered browser settings


Although in 2021 Microsoft claimed


Devices affected by this threat might exhibit the following unexpected behavior:

Slow performance
Presence of added or modified files
Changes in desktop settings
Freezing or crashing
Diminished storage space

botus wrote: Sun Dec 28, 2025 7:12 am PUA:Win32 Packunwan is classified as a Potentially Unwanted Application (PUA). It is a type of malware that can embed itself within systems, often bundled with legitimate software. Its main functions include tracking user behavior, displaying unauthorized ads, or creating vulnerabilities for further threats.

We tried to understand how Microsoft identifies PUAs, but without much luck. It seems to be a kind of heuristic signature analysis that is not effective if the EXE is protected or packed. This Microsoft article contains some information about it:

https://learn.microsoft.com/en-us/defen ... -antivirus

Note the last paragraph on this page:

Exclude files from PUA protection

Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be added to an exclusion list.

So, Microsoft officially admits that errors are possible and some time ago it was possible to sumbit the report that was reviewed and wrong detection was removed. With the last official release it doesn't work, for whatever reason.