It is just that: Update kills Roon, as Windows 11 security marks Broo.Runtime.dll as trojan.
What's happening?
· My Roon software won't start up
How can we help?
· How do I ...?
Other options
· My Roon software won't start up
Describe the issue
Windows Security blocks Trojan:Win32/Wacatac.B!ml in Roon data on my PC
Describe your network setup
Wired connection with a Netgear Orbi RBR50

Looks real
Run AV scan and take the clean up advice?
Same here. In my case it's Windows Defender that's putting the file in quarantine. Dutch language version.
I have exactly the same problem.
If I take the AV clean-up advice (quarantine or delete the file), Roon won't start because the file is missing.
For clarification, is this Windows Defender reporting this, or a third-party AV? And what language version of Windows is being used?
There have been cases of third-party AV apps reporting false positives in the past.
I did an AV scan of the Roon data files. Result: no virus.
After this I asked Windows to put back the files that were in quarantine.
Result: Roon is opening and playing on my PC.
Hey all, for those affected, can you let us know which Windows and Windows Defender versions you are running?
To get info about Windows Defender via PowerShell you can follow the steps below:
- Click the Start button and type PowerShell in the search bar.
- Right-click on Windows PowerShell in the search results and select Run as administrator.
- In the PowerShell window, type the following command and press Enter:
Get-MpComputerStatus
- Copy the output and share it in the post
To get info about Windows Defender using UI you can follow the steps below:
- Open the Windows Security app by searching the start menu for Security, and then selecting Windows Security.
- Select the Virus & threat protection tile (or the shield icon on the left menu bar).
- Select Virus & threat protection updates. The currently installed version is displayed along with some information about when it was downloaded.
- Copy or take a screenshot and share it in a post
To get info about the Windows version:
- Select Start > Settings > System , then select About
- Take a screenshot of the appeared pop-up
same issue here:
Windows 11 23H2 build 22631.4602
Defender: 1.421.1455.0
Seems like a false positive on Windows, as VirusTotal reports 0 threats:
What's happening?
· Other
How can we help?
· None of the above
Other options
· Other
Describe the issue
Trojan:Win32/Wacatac.B!ml
Warning Level: Severe
Status: Active
Date: 20-01-2025 08:33
Category: Trojan Horse
Details: This program is dangerous and executes commands from a malicious user.
More Information
Involved Items:
file AppData\Local\Roon\Application\200001496\Roon.ServiceProxy.Base.dll
Describe your network setup
na

I've merged your post into the existing thread on this issue. Please can you post the details as requested here:

PS C:\Users\majut> Get-MpComputerStatus
AMEngineVersion : 1.1.24090.11
AMProductVersion : 4.18.24090.11
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24090.11
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 20-1-2025 05:02:41
AntispywareSignatureVersion : 1.421.1449.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 20-1-2025 05:02:39
AntivirusSignatureVersion : 1.421.1449.0
BehaviorMonitorEnabled : True
ComputerID : 2B986A00-5406-44E0-9CCC-ABAEAFCCC7EA
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 1-1-1601 01:00:00
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.24090.11
NISSignatureAge : 0
NISSignatureLastUpdated : 20-1-2025 05:02:39
NISSignatureVersion : 1.421.1449.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 4
QuickScanEndTime : 16-1-2025 08:35:56
QuickScanOverdue : False
QuickScanSignatureVersion : 1.421.1382.0
QuickScanStartTime : 16-1-2025 08:30:54
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : Supported
TDTMode : rsw
TDTSiloType : E
TDTStatus : Enabled
TDTTelemetry : Disabled
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :
I have the same (similar?) issue after the update, e.g. Roon won't start, I am getting a "broo.runtime" error message instead. When I exclude the file (C:\Users\<username>\AppData\Local\Roon\Application\200001496\Broo.Runtime.dll) in Windows Defender, then the Roon client will start normally.
My info:
PS C:\WINDOWS\system32> get-MpComputerStatus
AMEngineVersion : 1.1.24090.11
AMProductVersion : 4.18.24090.11
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24090.11
AntispywareEnabled : True
AntispywareSignatureAge : 1
AntispywareSignatureLastUpdated : 1/19/2025 11:40:53 AM
AntispywareSignatureVersion : 1.421.1439.0
AntivirusEnabled : True
AntivirusSignatureAge : 1
AntivirusSignatureLastUpdated : 1/19/2025 11:40:52 AM
AntivirusSignatureVersion : 1.421.1439.0
BehaviorMonitorEnabled : True
ComputerID : 60***********************************A84
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 6/16/2024 4:57:32 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.24090.11
NISSignatureAge : 1
NISSignatureLastUpdated : 1/19/2025 11:40:52 AM
NISSignatureVersion : 1.421.1439.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 1
QuickScanEndTime : 1/19/2025 3:21:58 PM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.421.1439.0
QuickScanStartTime : 1/19/2025 3:20:55 PM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :
Windows Security
Windows About
W11pro, 24H2, build 26100.2605
RunspaceId :
AMEngineVersion : 1.1.24090.11
AMProductVersion : 4.18.24090.11
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24090.11
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 20.01.2025 12:51:48
AntispywareSignatureVersion : 1.421.1456.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 20.01.2025 12:51:46
AntivirusSignatureVersion : 1.421.1456.0
BehaviorMonitorEnabled : True
ComputerID :
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 01.01.1601 01:00:00
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.24090.11
NISSignatureAge : 0
NISSignatureLastUpdated : 20.01.2025 12:51:46
NISSignatureVersion : 1.421.1456.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 8
QuickScanEndTime : 12.01.2025 08:50:24
QuickScanOverdue : False
QuickScanSignatureVersion : 1.421.1313.0
QuickScanStartTime : 12.01.2025 08:46:34
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime
Get-MpComputerStatus
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
Install the latest PowerShell for new features and improvements! Migrating from Windows PowerShell 5.1 to PowerShell 7 - PowerShell | Microsoft Learn
PS C:\WINDOWS\system32> Get-MpComputerStatus
AMEngineVersion : 1.1.24090.11
AMProductVersion : 4.18.24090.11
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24090.11
AntispywareEnabled : True
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated : 20/01/2025 14:28:38
AntispywareSignatureVersion : 1.421.1457.0
AntivirusEnabled : True
AntivirusSignatureAge : 0
AntivirusSignatureLastUpdated : 20/01/2025 14:28:35
AntivirusSignatureVersion : 1.421.1457.0
BehaviorMonitorEnabled : True
ComputerID : B13D80FE-2FD0-1025-1EED-969216F6FEE9
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 28/02/2023 10:11:26
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : False
LastFullScanSource : 0
LastQuickScanSource : 1
NISEnabled : True
NISEngineVersion : 1.1.24090.11
NISSignatureAge : 0
NISSignatureLastUpdated : 20/01/2025 14:28:35
NISSignatureVersion : 1.421.1457.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 0
QuickScanEndTime : 20/01/2025 15:32:17
QuickScanOverdue : False
QuickScanSignatureVersion : 1.421.1453.0
QuickScanStartTime : 20/01/2025 15:29:42
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : Supported
TDTMode : rsw
TDTSiloType : E
TDTStatus : Enabled
TDTTelemetry : Disabled
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :
Seems this is fixed either by Roon or Windows.
Steps:
- Update Windows Security references
- Reinstall Roon with the installer you can download from the website
Hi All!
Our team is taking a closer look into things, thanks for your patience in the meantime!
Glad to hear things are working normally for you @Dexter_prog
Hi everyone,
Thanks for clarifying your steps @Dexter_prog.
The false positive triggered here has likely been resolved with subsequent Windows Security intelligence definitions.
Please verify that your Windows Security references are updated. Open the Windows Security app, go to "Virus & threat protection" and click "Check for updates" to manually trigger an update.
Alternatively, you can follow the steps here: https://www.microsoft.com/en-us/wdsi/defenderupdates
The latest security intelligence update is:
- Version: 1.421.1491.0
- Engine Version: 1.1.24090.11
- Platform Version: 4.18.24090.11
- Released: 1/22/2025 4:42:47 PM
- Documentation: Release notes
Next, please reinstall Roon from our downloads page here.
If the issue persists, please post here.
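
The checks discussed in this thread, gathered into one PowerShell script as an added example (not code from Roon or from any poster). It assumes an elevated Windows PowerShell session with the built-in Defender cmdlets; the version threshold, file names and path fragment are taken from the posts above, and matching exclusions on the string "Roon" is an assumption.

```powershell
# Added example: triage the Roon detection reported in this thread.
$fixedVersion = [version]'1.421.1491.0'  # security intelligence version quoted above
$roonPattern  = '\\Roon\\Application\\'  # path fragment from the reported detections

# 1. Compare installed definitions with the version quoted in the thread.
$installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
if ($installed -lt $fixedVersion) {
    Write-Host "Definitions $installed are older than $fixedVersion, updating..."
    Update-MpSignature
    $installed = [version](Get-MpComputerStatus).AntivirusSignatureVersion
}
Write-Host "Installed security intelligence: $installed"

# 2. List recorded detections whose resources point into the Roon folder.
$hits = foreach ($d in Get-MpThreatDetection) {
    if ($d.Resources -match $roonPattern) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected  = $d.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = $d.Resources -join '; '
        }
    }
}
$hits | Format-List

# 3. Fingerprint the flagged DLLs so they can be compared with a fresh
#    download: Authenticode status, signer, and SHA-256 for a lookup.
$appDir = Join-Path $env:LOCALAPPDATA 'Roon\Application'
$names  = 'Broo.Runtime.dll', 'Roon.ServiceProxy.Base.dll'
Get-ChildItem $appDir -Recurse -Include $names -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            SigStatus = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            SHA256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List

# 4. Report exclusions added as a workaround; once the definitions no longer
#    flag the file, a leftover exclusion is an unscanned path and can go.
$leftover = (Get-MpPreference).ExclusionPath | Where-Object { $_ -match 'Roon' }
if ($leftover) {
    Write-Warning "Defender exclusions still present: $($leftover -join ', ')"
}
```

The script only reports exclusions; removing one is a separate, deliberate step with `Remove-MpPreference -ExclusionPath`.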