QOwnNotes.exe detected as Trojan:Win32/Wacatac.G!ml by Windows Defender #1867
Comments
|
What is "the latest update" for you and where did you get it? The genuine Windows binaries from https://github.com/pbek/QOwnNotes/releases are built on GitHub infrastructure. |
|
The app updated itself, on restart the .exe was gone. I also manually downloaded version 20.9.4 from https://github.com/pbek/QOwnNotes/releases/download/v20.9.4/QOwnNotes.zip (see SHA-256 HASH above) and scanned as I mentioned, same result. I'll try to get the debug output and update asap. Edit: yeah I cannot post the debug since I understand this must be done from inside the app. Since the .exe is being removed, I cannot open the application (sorry, I'm not taking the chance to disable the antivirus just in case, I hope you understand. It should be pretty easily reproducible). |
|
I am having the same issue, came here to report it |
|
|
|
I found a thread about something similar: dotnet/runtime#35167 |
|
I can't find any malware with https://www.virustotal.com/gui/file/05fd4fc365aef176604733cfc753fc10aa06f5bb3d680c19f8f380b2d4b6bb32/detection. |
|
I rolled back to the previous build and all was good. Ran the updater, and bam, same virus warning. THat said, I am testing on a second more secure computer, and not getting a warning. |
|
Really sounds like a false positive like mentioned in dotnet/runtime#35167. |
|
I did upgrade QON to 20.9.4 on a Windows 10 Pro machine and had no complains. |
|
I tried again just now scanning 20.9.4 and Windows Defender is not finding anything anymore, so I assume they fixed their definitions. 20.9.5 is also working fine. Closing the issue. |
|
Ok, great. Thank you for testing and reporting! |
Expected behaviour
QOwnNotes.exe should not be detected and removed by antivirus software.
Actual behaviour
With the latest update, QOwnNotes.exe is being detected as Trojan:Win32/Wacatac.G!ml by Windows Defender.
Steps to reproduce
Update Windows antivirus definitions and QOwnNotes.
If enabled for real-time protection, Windows Defender should have automatically removed the .exe
If trying to open it with the portable .bat, an error will say the .exe was not found.
Alternatively, just download the latest QOwnNotes.zip (SHA-256 hash: aadce225f5e111d926ea90021909218f905d8d3bf4fad57c6bdedc792e9a611d) and run a scan with Windows Defender.
Output from the debug section in the settings dialog
N/A
Relevant log output in the Log panel
N/A
The text was updated successfully, but these errors were encountered: