https://github.com/qbittorrent/qBittorrent/issues/14489 Skip to content Sign up * Why GitHub? Features - + Mobile - + Actions - + Codespaces - + Packages - + Security - + Code review - + Issues - + Integrations - + GitHub Sponsors - + Customer stories- * Team * Enterprise * Explore + Explore GitHub - Learn and contribute + Topics - + Collections - + Trending - + Learning Lab - + Open source guides - Connect with others + The ReadME Project - + Events - + Community forum - + GitHub Education - + GitHub Stars program - * Marketplace * Pricing Plans - + Compare plans - + Contact Sales - + Education - [ ] [search-key] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} qbittorrent / qBittorrent * Sponsor Sponsor qbittorrent/qBittorrent * Notifications * Star 12.6k * Fork 2.3k * Code * Issues 2.4k * Pull requests 59 * Discussions * Actions * Projects 1 * Wiki * Security * Insights More * Code * Issues * Pull requests * Discussions * Actions * Projects * Wiki * Security * Insights New issue Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Pick a username [ ] Email Address [ ] Password [ ] [ ] Sign up for GitHub By clicking "Sign up for GitHub", you agree to our terms of service and privacy statement. We'll occasionally send you account related emails. Already on GitHub? Sign in to your account Jump to bottom windows defender blocks qbittorrent - PUA and/or Trojan detection # 14489 Open kabaid opened this issue Mar 4, 2021 * 110 comments Open windows defender blocks qbittorrent - PUA and/or Trojan detection # 14489 kabaid opened this issue Mar 4, 2021 * 110 comments Labels Not an issue OS: Windows Comments @kabaid Copy link @kabaid kabaid commented Mar 4, 2021 * edited Please provide the following information qBittorrent version and Operating System 4.3.3, Windows 10 20H2, What is the problem Windows Security / Virus & threat protection - blocks / removes existing install of qbittorrent and blocks reinstall as well. Marks it as PUA (potentially unsafe application) https://www.microsoft.com/en-us/wdsi/threats/ malware-encyclopedia-description?name=PUA%3aWin32%2fQBitTorrent& threatid=292801 image What is the expected behavior not to get blocked Steps to reproduce Try to install qbittorrent on a Windows 10 20H2 Extra info(if any) updated with additional info from below & other sources https://www.reddit.com/r/qBittorrent/comments/lwqjm9/ qbitborrent_flagged_as_malware_by_microsoft/ also this may be connected to #12047 , with defender's protection actually targeting this package which includes qbittorrent: https://www.microsoft.com/en-us/p/qbitorrent/9nlcd0qxd3ss The text was updated successfully, but these errors were encountered: 26 8 We are unable to convert the task to an issue at this time. Please try again. The issue was successfully created but we are unable to update the comment at this time. @glassez glassez added the Invalid label Mar 5, 2021 @glassez Copy link Member @glassez glassez commented Mar 5, 2021 There is no enough/useful info in Issue description. Will be closed soon unless fixed. @poofcakes Copy link @poofcakes poofcakes commented Mar 5, 2021 Been having this issue since today too, and I'm on v4.2.5. Tried to start a torrent via magnet, and it gave me some error about not having a client for the magnet (don't really remember). Then I tried starting qBitTorrent manually and it just wouldn't respond. Restarted my PC and noticed my Windows Defender had given me some pop ups in the sidebar. I'm on Windows 10 Education version 20H2 build 19041.804. image @ELHugoCK Copy link @ELHugoCK ELHugoCK commented Mar 5, 2021 Hello, same issue right here, the problem starts today around 9am EST, I have the version qbittorrent_4.3.3_x64_setup, I am on Windows 10 pro, 64 bits. As a quicks troubleshooting I uninstalled, restart and install again the software, but the problem remain. SS01 @FranciscoPombal Copy link Member @FranciscoPombal FranciscoPombal commented Mar 5, 2021 What the fuck, Microsoft. https://www.microsoft.com/en-us/wdsi/threats/ malware-encyclopedia-description?Name=PUA:Win32/QBitTorrent!torrent& threatId=236113 https://www.microsoft.com/en-us/wdsi/threats/ malware-encyclopedia-description?name=PUA%3aWin32%2fQBitTorrent& threatid=292801 Summary Windows Defender Antivirus detects and removes this threat. Technical details are not available. Reddit thread: https://www.reddit.com/r/qBittorrent/comments/lwqjm9/ qbitborrent_flagged_as_malware_by_microsoft/ 10 [?] 2 @FranciscoPombal FranciscoPombal added OS: Windows and removed Invalid labels Mar 5, 2021 @glassez Copy link Member @glassez glassez commented Mar 6, 2021 It looks like another campaign against BitTorrent software. When I started typing "PUA:Win32" in the search engine, I noticed several occurrences related to different BitTorrent applications. 17 @athelas64 Copy link @athelas64 athelas64 commented Mar 8, 2021 App can be allowed in Windows Defender, but will not connect and appear offline despite being allowed in the firewall... It was working flawlessly before. @sledgehammer999 Copy link Member @sledgehammer999 sledgehammer999 commented Mar 8, 2021 oh come on! Microsoft is being a massive bag of dicks. From the reddit post it seems they even flag older versions. I am a bit angry now. If I was a little bit less sane, I would make qbt detect if Windows Defender was running and open a messagebox urging the user to use another AV suite because MS is being a massive back of dicks, linking to the appropriate proof. 9 @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Mar 8, 2021 I wonder, does that false app of qBittorrent on the windows store have anything to do with this as well?! @sledgehammer999 Copy link Member @sledgehammer999 sledgehammer999 commented Mar 8, 2021 I wonder, does that false app of qBittorrent on the windows store have anything to do with this as well?! Well they still have it on their store, so I assume they haven't flagged it at all yet. 3 @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Mar 8, 2021 * edited Not an issue for me on Microsoft Windows [Version 10.0.19042.844] (20H2) with latest definitions EDIT: I downloaded 4.3.3 from fosshub & re-installed over my previous installation etc. Screenshot 2021-03-08 125606 Screenshot 2021-03-08 125730 Screenshot 2021-03-08 125701 @athelas64 Copy link @athelas64 athelas64 commented Mar 8, 2021 For me, the qBittorrent is working now after being enabled in Windows Defender (which silently removed the app before). However, I am using DEV version of Windows (21327.1000), so I guess it was a glitch. 1 @FranciscoPombal Copy link Member @FranciscoPombal FranciscoPombal commented Mar 8, 2021 Whether it happens to some people and not others is not really relevant, as it does not change the fact that Microsoft has registered qBittorrent as malware in their database... #14489 (comment) @space-orca Copy link @space-orca space-orca commented Mar 17, 2021 Has there been any word from Microsoft about why qBittorent was blacklisted? Seems ridiculous to ban open source software as a threat, when its code is publicly available @athelas64 Copy link @athelas64 athelas64 commented Mar 17, 2021 Cannot comment on whether there is word from Microsoft, but Windows Defender keeps silently removing the software despite being explicitly allowed on the machine. This error in not reported on Windows Insiders Feedback Hub. After allowing the quarantined software, qBittorrent works.... until the next restart. 2 @armaguedes Copy link @armaguedes armaguedes commented Mar 18, 2021 Has anyone tried running the PortableApps version of qBT? I would assume the end result would be the same, but it may be worth checking. [I'm running qBT v4.3.3x64 without issue, but WinDef has taken a backseat as I'm running Bitdefender AV (free edition).] @fsmith9999 Copy link @fsmith9999 fsmith9999 commented Mar 19, 2021 I had the same issue, where I was able to use utorrent as recently as yesterday. deleted and qbtorrent also blocked from installing. However I did make a change in Windows Security (running Windows 10 Pro) to turn off the Check apps and files and the Potentially unwanted app blocking. This allowed be to install qbtorrent and run it. Don't know that I am going to stick with that long term, but at least it is a workaround for now. Cheers. image @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Mar 19, 2021 * edited This may have coincided with the "on-premises Exchange Server attacks" "server-side request forgery (SSRF) vulnerability HAFNIUM Perhaps, these should be enabled by default? Validate HTTPS tracker certificates Disallow connection to peers on priviliged ports @Chocobo1 Copy link Member @Chocobo1 Chocobo1 commented Mar 20, 2021 In the news: https://torrentfreak.com/ utorrent-continues-to-be-flagged-as-severe-threat-and-its-not-alone-210318 / 5 @thalieht thalieht mentioned this issue Mar 21, 2021 Uninstalls on every Windows 10 Update #14579 Closed @thalieht thalieht mentioned this issue Mar 22, 2021 Error : file contains a virus or potentially unwanted software #14582 Closed @Seeker2 Copy link @Seeker2 Seeker2 commented Mar 23, 2021 This important enough to make it a pinned issue? @glassez Copy link Member @glassez glassez commented Mar 23, 2021 This important enough to make it a pinned issue? How can we really fix it? @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Mar 23, 2021 Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software which might be unexpected or unwanted. By default in Windows 10 (version 2004 and later), Microsoft Defender Antivirus blocks apps that are considered PUA, for Enterprise (E5) devices. How can we really fix it? We could probably make the binaries CET Shadow Stack compatible for Windows 10 2004 onwards. Control-flow Enforcement Technology (CET) Shadow Stack is a computer processor feature that provides capabilities to defend against return-oriented programming (ROP) based malware attacks. https://docs.microsoft.com/en-us/cpp/build/reference/cetcompat?view= msvc-160 Look in to sigstore sigstore is a project with the goal of providing a public good / non-profit service to improve the open source software supply chain by easing the adoption of cryptographic software signing, backed by transparency log technologies These may help mitigate the impact of this type of issue. In any case, I think CET Shadow Stack compatible binaries is a good feature to add regardless...... 2 @rafi-d Copy link @rafi-d rafi-d commented Mar 23, 2021 This important enough to make it a pinned issue? How can we really fix it? Easy enough - just exclude the supposedly offending app in Win 10 Defender... @FranciscoPombal FranciscoPombal mentioned this issue Mar 24, 2021 Latest 64-bit version detected as a Trojan #14595 Closed @jurgentreep Copy link @jurgentreep jurgentreep commented Mar 24, 2021 I've excluded the file in Windows Defender but when I try to install it it leads to this: https://www.microsoft.com/en-us/wdsi/threats/ malware-encyclopedia-description?name=Trojan%3aWin32%2fTilevn.A& threatid=2147760578 @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Mar 24, 2021 Although I didn't get a trojan, have encountered the PUA windows defender intervention for the 1st time with 4.3.4 68 hidden items Load more... @ArcticGems Copy link @ArcticGems ArcticGems commented Mar 30, 2021 * edited qBit doesn't get removed for me, but I added folder exclusion anyway. see #14489 (comment) OS: Windows 10 Home 20H2 Build: 19042.906 I tried downloading build 4.3.4.1 and installed it today. And the Windows Defender warnings didn't pop up. So I think you guys might wanna check again. OS: Windows 10 20H2 build 19042.870 Intelligence Update: 1.333.1600.0 @DanBaur Copy link @DanBaur DanBaur commented Mar 31, 2021 I think Microsoft may have removed the false positive for qbittorrent. I updated to the latest security definition as of making this post and installed the 64bit 4.3.4.1 version from fosshub and defender didn't complain anymore. @dpetroff Copy link @dpetroff dpetroff commented Apr 15, 2021 Look in to sigstore This has been a recurring request. @FranciscoPombal FranciscoPombal mentioned this issue Apr 26, 2021 qBittorrent Uninstalled Itself Overnight #14651 Closed @csavard-sudo Copy link @csavard-sudo csavard-sudo commented Apr 26, 2021 Look in to sigstore This has been a recurring request. Perhaps, but this approach seems tailored to a project such as this. @curryking3 Copy link @curryking3 curryking3 commented May 3, 2021 * edited Just had this issue with 4.3.5 qbitorrent may 2 2021, did not have the issue with 4.3.4 last month when i had switched to it originally from deluge on windows 10 more of the same flagged some pua thing, let it go through defender and it is currently working and uploading right now at least qbit notified of an update to install so i downloaded it from chrome as prompted automatically, as soon as it was downloaded from chrome it got flagged by windows defender, even admin install would not work until letting it pass through defender, even got a weird red warning ive never seen before with any applications in windows installing @EvocativeOlash Copy link @EvocativeOlash EvocativeOlash commented May 3, 2021 Yes the reaction seems more severe now, after allowing the download and trying to run it, after the block there is no easy away to bypass again. @mattspew mattspew mentioned this issue May 3, 2021 problem Defender #14896 Closed @munrobasher Copy link @munrobasher munrobasher commented May 3, 2021 Confirmed - had to turn off real time scan to allow it to install. @BurhanDanger Copy link @BurhanDanger BurhanDanger commented May 3, 2021 Why is this issue still open? It's clearly not an issue with qbittorrrent @FranciscoPombal Copy link Member @FranciscoPombal FranciscoPombal commented May 3, 2021 Why is this issue still open? It's clearly not an issue with qbittorrrent I agree with marking this as "not an issue", but it should be kept open for visibility. Otherwise, people will open more duplicate reports. @FranciscoPombal FranciscoPombal added the Not an issue label May 3, 2021 @munrobasher This comment was marked as spam. Sign in to view @munrobasher Copy link @munrobasher munrobasher commented May 3, 2021 Why is this issue still open? It's clearly not an issue with qbittorrrent I agree with marking this as "not an issue", but it should be kept open for visibility. Otherwise, people will open more duplicate reports. Sounds sensible... @AntonVonDelta This comment was marked as spam. Sign in to view @curryking3 Copy link @curryking3 curryking3 commented Jun 28, 2021 Just for information if helpful - I installed 4.3.6 with no issues earlier today on two PCs (windows x64 on windows 10 next/11 alpha or something), no issues with antivirus, but I had 4.3.5 installed previously already, if that matters and I can't remember if I had changed any settings specifically for qbitorrent install, but worked well. Was hesitating to install actually because I was worried about having install issues, but none at all this time. 2 @munrobasher Copy link @munrobasher munrobasher commented Jun 28, 2021 No such luck here I'm afraid. Still flagged as a virus and blocked: https://i.imgur.com/A9shovE.png @FranciscoPombal FranciscoPombal mentioned this issue Jun 28, 2021 qBittorrent 4.3.6 setup blocked by Microsoft Defender #15134 Closed @sledgehammer999 Copy link Member @sledgehammer999 sledgehammer999 commented Jun 28, 2021 FOSSHUB installed malware. You can easily verify the integrity of the installer either by comparing the sha256 hashes we post in the official website or by using the GPG signature file. If any 3rd party attached malware the hashes would differ. @wrightwriter This comment was marked as spam. Sign in to view @AntonVonDelta Copy link @AntonVonDelta AntonVonDelta commented Jul 11, 2021 FOSSHUB installed malware. You can easily verify the integrity of the installer either by comparing the sha256 hashes we post in the official website or by using the GPG signature file. If any 3rd party attached malware the hashes would differ. This is hypothetical of course but no one checks those hashes and Fosshub can distribute the binary selectively. I think someone already discussed the issue of the binary not being signed. @an0n666 Copy link Contributor @an0n666 an0n666 commented Jul 19, 2021 Virustotal : 0/67 Jotti's malware scan : 0/15 Custom scan with Windows defender: 0 threats found. * Installs fine with defender enabled * Runs fine with defender enabled * Downloads fine with smartscreen enabled * Installs fine with smartscreen enabled * Runs fine with smartscreen enabled Those that still having issues with defender must be using some outdated version of Defender or Windows! @HorsBerries Copy link @HorsBerries HorsBerries commented Jul 23, 2021 Those that still having issues with defender must be using some outdated version of Defender or Windows! Nope, up to date on both...still qbittorrent was flagged as potentially unwanted app. @slacka Copy link @slacka slacka commented Jul 26, 2021 * edited From: https://docs.microsoft.com/en-us/windows/security/ threat-protection/intelligence/criteria# potentially-unwanted-application-pua "PUAs are not considered malware. Torrent software (Enterprise only): Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies. " On Enterprise Editions this can be disabled with Set-MpPreference -PUAProtection Disabled I could not reproduce this on my systems. This bug should be closed as it does not affect Home or Pro. 3 1 @FranciscoPombal Copy link Member @FranciscoPombal FranciscoPombal commented Jul 26, 2021 This is hypothetical of course but no one checks those hashes and Fosshub can distribute the binary selectively. I think someone already discussed the issue of the binary not being signed. That scenario is extremely unlikely. That's the kind of strategy an adversary would use to target specific, high-value individuals, not one that would be use against thousands of random users who happen to torrent. What would be in it for Fosshub? If you wanted to cast a wide net to infect many users with some malware (say, a cryptominer), then you would have to serve quite a high percentage of compromised binaries for your effort to be worthwhile, which would be easily caught. Alternatively, maybe they were bribed by Microsoft to selectively tamper with binaries to prevent users from using BitTorrent-related software. Again, extremely unlikely and irrational, as any significant distribution of such binaries would have been easily caught by now, and permanently damaged FossHub's reputation for binary hosting of all projects as a result, not just qBittorrent. Anyway, to dismiss these concerns, look no further than the many posts earlier in the thread from multiple people (some who are affected by the issue and some who are not) comparing hashes - they are all the same, as expected. From: https://docs.microsoft.com/en-us/windows/security/ threat-protection/intelligence/criteria# potentially-unwanted-application-pua Yeah, I also saw the story on HN today, where there is this comment ( https://news.ycombinator.com/item?id=27958670), which references the page you linked and quoted. This made think that maybe all of the users who are affected by this are using Enterprise, Educition, or Enterprise LTSBruh/LTSCope, and maybe that could be the cause for the false positives. However, a quick scroll through this thread shows that quite a few affected users claim to be using Home or Pro. Unless they are all lying on purpose, which is extremely unlikely, as there is nothing to be gained from doing that, we have to look elsewhere to find the cause. @an0n666 Copy link Contributor @an0n666 an0n666 commented Jul 26, 2021 I can confirm that qBittorrent is detected as PUA by Win Defender in Windows 10 Enterprise LTSC. @Pomax Copy link @Pomax Pomax commented Jul 26, 2021 * edited @curryking3 Note that windows 10 comes with windows sandbox (disabled by default, enabled with a checkbox in the windows features dialog), which sets up a throw-away VM with a completely fresh version of the same build of win10 you're using, for testing things like this. That way you don't run into some previous version potentially messing up results (although as this is specifically about the anti-virus behaviour, you probably need the MP_FORCE_USE_SANDBOX system env var, set to value 1) 2 @RUSshy This comment was marked as spam. Sign in to view @xavier2k6 Copy link Member @xavier2k6 xavier2k6 commented Jul 26, 2021 However, a quick scroll through this thread shows that quite a few affected users claim to be using Home or Pro. I'm one of them & qBittorrent 4.3.6 no longer has any PUA detection issues Windows 10 Pro Version 21H1 Build 19043.1110 Windows Defender/Security Information: Security intelligence version: 1.343.1708.0 Version created on : 26/07/2021 11:23 Antimalware Client Version: 4.18.2106.6 Engine Version: 1.1.18300.4 Antivrus Version: 1.343.1708.0 Anti-spyware Version: 1.343.1708.0 1 @gabrielsoldani Copy link @gabrielsoldani gabrielsoldani commented Jul 26, 2021 * edited @xavier2k6 However, a quick scroll through this thread shows that quite a few affected users claim to be using Home or Pro. I'm one of them & qBittorrent 4.3.6 no longer has any PUA detection issues ... Have you by any chance disabled PUA blocking? (in Windows Security > App & browser control > Reputation-based protection) I was also one of the users affected (using Pro) and have disabled that setting since then. I'd like to re-enable it if it's in fact not detected in the latest versions. Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment Assignees No one assigned Labels Not an issue OS: Windows Projects None yet Milestone No milestone Linked pull requests Successfully merging a pull request may close this issue. None yet 53 participants @Pomax @sledgehammer999 @k7aay @MuTLY @sarim @gabrielsoldani @dpetroff @CardcaptorRLH85 @jurgentreep @rafi-d @egoroof @slacka @athelas64 @Seeker2 @glassez @shanedk @poofcakes @wrightwriter @Chocobo1 @munrobasher and others * (c) 2021 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.