External Publication
Visit Post

Windows Defender flags Codex computer-use helper as Trojan:Win32/ClickFix.DE!MTB

OpenAI Developer Community July 3, 2026
Source

Thanks, this is helpful. I’m not whitelisting/restoring it.

Update: this has now reproduced on my main PC too, completely separate from the travel router/VPN/laptop setup. Same Defender detection pattern, and it happened near the end of a Codex commit/turn. That makes me think this is less likely to be network/VPN-specific and more likely a Defender heuristic around Codex’s helper/turn-ended behavior.

Both machines show clean scans afterward, and I’m leaving the item blocked.

  • Codex Desktop version/build: latest as of July 3, 2026

  • Defender security intelligence version: 1.453.401.0

  • SHA-256 of the helper: F2B2F56FCD1699B0FA32DEC3214A56A1D36B937A2ECF58CC822AB4A904551E03 from the first affected machine

still have to see:

  • whether reinstall/update produces the same helper hash under the same cua_node runtime path

Discussion in the ATmosphere

Loading comments...