PUA:Win32/Softcnapp Detection Analysis & Description

Although being an effective security tool, Microsoft Defender may sometimes display false alarms

PUA:Win32/Softcnapp is a generic detection name of Microsoft Defender, assigned to an unwanted program. It sometimes appears as false positive detections of a legit app, like a desktop Viber client, NZXT Cam app, and others. But is it really dangerous? Let’s find out.

What is PUA:Win32/Softcnapp?

PUA:Win32/Softcnapp is a detection name of an unwanted program, coined by Microsoft Defender. It usually denotes a program with actual functionality that nonetheless has some issues that can make it unwanted. For instance, such issues could stem from the promotions built into the app’s interface, or offerings of additional software. Still, Microsoft does not uncover the exact meaning of their detects, leaving analysts with hypotheses only.

PUA:Win32/Softcnapp detection

Unwanted programs may be applications that have actual functionality, but some of their properties raise questions. Excessive telemetrics and advertisements, bundled software installation, intrusions to other programs’ files – although not critical, these things can make the user experience unpleasant. And this is what the Softcnapp detection is most likely meant to notify users about.

PUA:Win32/Softcnapp Viber False Positive

On March 10, 2024 a massive wave of complaints from users appeared, stating that Microsoft Defender started detecting the desktop Viber messenger client with the PUA:Win32/Softcnapp name. The messenger client has recently adopted a new installer, which is supposed to be a culprit. It seems some of the functionality of the upgrade makes the Defender suspicious.

Win32/Softcnapp Viber
Microsoft Defender detects Viber as Softcnapp

While the program itself is totally legit, there are a couple of things that confused me and made me think the detection is not completely false. The thorough analysis on several different machines shows that the behavior of Viber is not 100% ideal and legit. In particular, the program now offers to install a VPN service without a word about whether this is required or not. Also, some of the frameworks used in the app are not listed correctly, but that is a lesser evil. And overall, it does not look like this is the reason for the Defender detection to appear.

There are several other legit programs that are known for being detected with the PUA:Win32/Softcnapp name. Same as Viber, they are legitimate, but Microsoft Defender has another opinion. People complain that this detection appears on Miro, NZXT CAM, and even AnyDesk applications. Therehence, more often than not, it is a false positive.

How to Remove Softcnapp detection?

Removing PUA:Win32/Softcnapp may require using anti-malware software. When Microsoft Defender shows this detection on Viber or another legitimate app, all you need to do is to add the affected program to the whitelist. Usually, Microsoft fixes the false detection in a matter of days. However, the actions are different when you’re not sure about the affected program.

In situations where you cannot recognize whether the detected app is legit, I recommend running a scan with GridinSoft Anti-Malware. This effective and easy to use program will provide the second opinion and reveal whether you have anything to worry about, or not.

PUA:Win32/Softcnapp Detection Analysis & Description

By Stephanie Adlam

I write about how to make your Internet browsing comfortable and safe. The modern digital world is worth being a part of, and I want to show you how to do it properly.

1 comment

  1. It’s a windows defender false positive. In my computer (windows 11) defender marked *the shortcut* to viber as a threat, without having an updated version of Viber!
    Additionally, today I got a report for an html file of mine (static, minimal scripting, more than a year old) containing PUA:Win32/Softcnapp. NO WAY!

Leave a comment

Your email address will not be published. Required fields are marked *