Bug Description
wx.exe (the native binary bundled in @jackwener/wx-cli-win32-x64) is being blocked by Windows Defender Application Control (WDAC) with the error:
應用程式控制原則已封鎖此檔案。 惡意的二進位信譽。
This causes wx CLI commands to fail with errno -4094 (UNKNOWN) when spawnSync tries to execute the binary.
Environment
- OS: Windows 11 Home 10.0.26200
- Node.js: v24.11.1
- wx-cli: v0.3.0
- Defender Engine: 1.1.26040.8 (signature updated 2026-05-24 03:32 UTC)
- Binary path:
node_modules/@jackwener/wx-cli-win32-x64/bin/wx.exe (6,959,104 bytes)
How to Reproduce
npm install -g @jackwener/wx-cli@0.3.0
wx --version
# Error: spawnSync ... wx.exe UNKNOWN, errno -4094
Root Cause
The wx.exe binary is unsigned. Windows Defender's reputation-based protection dynamically flags it as "malicious binary reputation" after a signature database update. This worked previously but stopped working after Defender signatures were updated.
Confirmed steps:
Unblock-File does not help (WDAC is deeper than NTFS zone flags)Add-MpPreference -ExclusionPath does not help (this is WDAC, not antivirus scan)- Copying the binary to a different path does not help (block is hash/reputation-based)
- The block persists even after
npm install -g --force (same binary, same hash)
Suggested Fixes
- Code-sign the binary — This is the proper fix. A valid Authenticode signature from the publisher would prevent WDAC reputation-based blocking.
- Provide the hash to Microsoft for whitelisting — Submit
wx.exe to Microsoft Defender portal for false positive review.
- Fallback to pure JS implementation — If signing is not feasible, consider a pure JavaScript backend that doesn't require a native binary.
Workaround for Users
Until this is fixed, users can:
- Go to Windows Security → App & browser control → Reputation-based protection
- Lower the protection level or add
wx.exe to the allow list manually
Related
This is a known class of issues with unsigned native binaries bundled in npm packages on Windows. The WDAC reputation system can flag any unsigned binary at any time via cloud reputation updates.
Bug Description
wx.exe(the native binary bundled in@jackwener/wx-cli-win32-x64) is being blocked by Windows Defender Application Control (WDAC) with the error:This causes
wxCLI commands to fail witherrno -4094 (UNKNOWN)whenspawnSynctries to execute the binary.Environment
node_modules/@jackwener/wx-cli-win32-x64/bin/wx.exe(6,959,104 bytes)How to Reproduce
npm install -g @jackwener/wx-cli@0.3.0 wx --version # Error: spawnSync ... wx.exe UNKNOWN, errno -4094Root Cause
The
wx.exebinary is unsigned. Windows Defender's reputation-based protection dynamically flags it as "malicious binary reputation" after a signature database update. This worked previously but stopped working after Defender signatures were updated.Confirmed steps:
Unblock-Filedoes not help (WDAC is deeper than NTFS zone flags)Add-MpPreference -ExclusionPathdoes not help (this is WDAC, not antivirus scan)npm install -g --force(same binary, same hash)Suggested Fixes
wx.exeto Microsoft Defender portal for false positive review.Workaround for Users
Until this is fixed, users can:
wx.exeto the allow list manuallyRelated
This is a known class of issues with unsigned native binaries bundled in npm packages on Windows. The WDAC reputation system can flag any unsigned binary at any time via cloud reputation updates.