Delta Executor Antivirus False Positive — Whitelist Guide

This page covers antivirus exclusion steps on all platforms. For the full safety overview — virus scan results, ban risk, update downtime, and legal standing — see the Delta Executor safety guide.

Why Injection Tools Get Flagged

Delta Executor modifies the memory of a running process (Roblox) at runtime. This pattern — DLL injection into a foreign process — is a red flag for antivirus heuristic engines, because it’s also how certain malware operates. The AV engine doesn’t know Delta is a legitimate tool; it sees injection behaviour and blocks it.

This is not a sign that Delta is dangerous. It is a known limitation of behaviour-based AV detection.

Windows Defender Exclusion Steps

  • Press Win + S and search for “Windows Security”. Open it.
  • Click Virus & threat protection.
  • Under “Virus & threat protection settings”, click Manage settings.
  • Scroll down to Exclusions and click Add or remove exclusions.
  • Click Add an exclusion → select Folder.
  • Navigate to and select your Delta Executor installation folder (e.g., C:\Program Files\DeltaExecutor\).
  • Click Select Folder — Windows Defender will no longer scan anything inside that folder.

Also check Protection History: if Defender already quarantined a Delta file, go to Protection history → find the item → Restore.

Malwarebytes Exclusion Steps

  • Open Malwarebytes.
  • Click the Settings gear icon (top right).
  • Go to the Allow List tab.
  • Click Add.
  • Choose Allow a file or folder.
  • Browse to the Delta Executor folder and select it.
  • Click Confirm.

Mobile — What Android Flags Mean

Android antivirus apps (Lookout, Avast Mobile, etc.) may flag the Delta APK as:

  • PUP (Potentially Unwanted Program) — not malware; the app has unusual permissions
  • HackTool — generic flag for injection-capable APKs
  • Riskware — app could be misused; not inherently malicious

These are false positives. To proceed:

  • Open your antivirus app → find Delta in Quarantined items or Scanned apps.
  • Mark it as Safe or add it to the Whitelist / Trusted Apps list.

If your antivirus doesn’t allow whitelisting, you may need to temporarily disable real-time protection during installation only.

When It IS Real Malware (Detection Names to Fear)

These AV detection names indicate a likely real threat — do not ignore them:

Detection Name Pattern

Concern

Trojan.Stealer.*

Credential / cookie stealer

Spyware.*

Keylogger or surveillance malware

Backdoor.*

Remote access trojan

Ransomware.*

File encryption malware

Downloader.* with 20+ detections

May pull additional malware

If you see these names when scanning a “Delta” file: do not install it. The file is not from the official source. Delete it and download from the official domain only.

For the full VirusTotal scan breakdown and fake-site warning list, see the Delta Executor safety guide. For the complete overview of Delta Executor — supported platforms, the Gloop engine, and the key system — visit the homepage.