Please -Need Advice-

I am the owner of a ecommerce company selling on multiple marketplaces such as Amazon, Walmart and Ebay, just to name a few. Our business relies on many different software applications. I hired a tech from India who has been doing all the work since the last 4 years. He has created many apps and has provided many fixes.

My question is this. Recently I received an app from him for a application that enters tracking numbers into our Walmart seller account. When running the app the .exe was immediately removed and quarantined. His app contained a virus. Trojan:Win32/Wacatac.B!ml . silly question, can this be a false positive? Coming from your own personal dev, does it have to be malicious? I don’t want to come at him if it happens here and there in the dev world and is accepted with smaller projects. Or fire him immediately and change all passwords?

Report it. https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

There are certainly a lot of hit on that malware name.
https://www.google.co.uk/search?q=Trojan%3AWin32%2FWacatac.B!ml
Many of those hits mention Windows Defender as the detection source.

The only thing that I find strange is that this doesn’t appear to be a typical Avast malware name.
So was this a detection by Avast ?