Antivirus Whitelisting Recommendation
Since August 6, 2025, Windows Defender has been updated by Microsoft. This update may cause components of the Scripting Framework Engine to be mistakenly detected and blocked as a threat (false positive).
The reason for this is the naming of one of our files as Engine.exe, which can be classified as potentially suspicious according to the MITRE ATT&CK technique T1036.005 – Masquerading: Match Legitimate Name or Location. Although our Engine.exe is a legitimate component, the name alone can already lead to a misclassification.
o permanently resolve this issue, the file Engine.exe will be renamed to ScriptingFrameworkEngine.exe in the next version of the Scripting Framework Engine. This version is expected to be released next week and is currently being tested.
Therefore, it is recommended to whitelist the following executable files in your antivirus software (including solutions other than Windows Defender):
%INSTALLPATH%\Modul\ActiveSetup.exe
%INSTALLPATH%\Modul\Engine.exe --> Ab Version 3.2.0.0: %INSTALLPATH%\Modul\ScriptingFrameworkEngine.exe
%INSTALLPATH%\Modul\NotificationCenter.exe
%INSTALLPATH%\Modul\ScriptingFramework.exe
%INSTALLPATH%\Tools\AutoUpdater.exe
%INSTALLPATH%\Tools\EnvironmentRefresh.exe
%INSTALLPATH%\Tools\handle.exe
%INSTALLPATH%\Tools\Lockscreen.exeReplace %INSTALLPATH% with the appropriate installation directory. The exclusions should be applied to both the respective processes and their corresponding paths to ensure error-free execution.
Even after the release of the new version 3.2.0.0 with the changed file name, we still recommend creating appropriate exclusions for the Scripting Framework files. This helps to avoid future false positives, even though our executables are digitally signed.
