Windows Defender flags Codex computer-use helper as Trojan:Win32/ClickFix.DE!MTB
OpenAI Developer Community
July 3, 2026
Thanks, this is helpful. I’m not whitelisting/restoring it.
Update: this has now reproduced on my main PC too, completely separate from the travel router/VPN/laptop setup. Same Defender detection pattern, and it happened near the end of a Codex commit/turn. That makes me think this is less likely to be network/VPN-specific and more likely a Defender heuristic around Codex’s helper/turn-ended behavior.
Both machines show clean scans afterward, and I’m leaving the item blocked.
Codex Desktop version/build: latest as of July 3, 2026
Defender security intelligence version:
1.453.401.0SHA-256 of the helper:
F2B2F56FCD1699B0FA32DEC3214A56A1D36B937A2ECF58CC822AB4A904551E03from the first affected machine
still have to see:
- whether reinstall/update produces the same helper hash under the same
cua_noderuntime path
Discussion in the ATmosphere