windows defender blocks qbittorrent - PUA and/or Trojan detection #14489

Closed
kabaid opened this issue Mar 4, 2021 · 137 comments
Labels
Not an issue User error, problem unrelated to qBittorrent, feature already implemented, etc OS: Windows Issues specific to Windows

Comments

@kabaid

kabaid commented Mar 4, 2021

Please provide the following information

qBittorrent version and Operating System

4.3.3, Windows 10 20H2,

What is the problem

Windows Security / Virus & threat protection - blocks / removes existing install of qbittorrent and blocks reinstall as well.
Marks it as PUA (potentially unsafe application)
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3aWin32%2fQBitTorrent&threatid=292801


What is the expected behavior

not to get blocked

Steps to reproduce

Try to install qbittorrent on a Windows 10 20H2

Extra info(if any)

updated with additional info from below & other sources
https://www.reddit.com/r/qBittorrent/comments/lwqjm9/qbitborrent_flagged_as_malware_by_microsoft/

also this may be connected to #12047, with defender's protection actually targeting this package which includes qbittorrent:
https://www.microsoft.com/en-us/p/qbitorrent/9nlcd0qxd3ss

@glassez glassez added the Invalid Issues that fail to comply with the contributing guidelines and/or issue template requirements label Mar 5, 2021
@glassez
Member

glassez commented Mar 5, 2021

There is not enough/useful info in the Issue description. Will be closed soon unless fixed.

@nienkevanunen

Been having this issue since today too, and I'm on v4.2.5. Tried to start a torrent via magnet, and it gave me some error about not having a client for the magnet (don't really remember). Then I tried starting qBitTorrent manually and it just wouldn't respond. Restarted my PC and noticed my Windows Defender had given me some pop ups in the sidebar. I'm on Windows 10 Education version 20H2 build 19041.804.

@ELHugoCK

ELHugoCK commented Mar 5, 2021

Hello, same issue right here. The problem started today around 9am EST. I have the version qbittorrent_4.3.3_x64_setup, and I am on Windows 10 Pro, 64-bit. As quick troubleshooting I uninstalled, restarted and installed the software again, but the problem remains.


@FranciscoPombal
Member

What the fuck, Microsoft.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA:Win32/QBitTorrent!torrent&threatId=236113
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=PUA%3aWin32%2fQBitTorrent&threatid=292801

Summary

Windows Defender Antivirus detects and removes this threat.

Technical details are not available.

Reddit thread: https://www.reddit.com/r/qBittorrent/comments/lwqjm9/qbitborrent_flagged_as_malware_by_microsoft/

@FranciscoPombal FranciscoPombal added OS: Windows Issues specific to Windows and removed Invalid Issues that fail to comply with the contributing guidelines and/or issue template requirements labels Mar 5, 2021
@glassez
Member

glassez commented Mar 6, 2021

It looks like another campaign against BitTorrent software. When I started typing "PUA:Win32" in the search engine, I noticed several occurrences related to different BitTorrent applications.

@athelas64

App can be allowed in Windows Defender, but will not connect and appear offline despite being allowed in the firewall... It was working flawlessly before.

@sledgehammer999
Member

oh come on! Microsoft is being a massive bag of dicks. From the reddit post it seems they even flag older versions.

I am a bit angry now. If I was a little bit less sane, I would make qbt detect if Windows Defender was running and open a messagebox urging the user to use another AV suite because MS is being a massive bag of dicks, linking to the appropriate proof.

@xavier2k6
Member

I wonder, does that false app of qBittorrent on the windows store have anything to do with this as well?!

@sledgehammer999
Member

> I wonder, does that false app of qBittorrent on the windows store have anything to do with this as well?!

Well they still have it on their store, so I assume they haven't flagged it at all yet.

@xavier2k6
Member

xavier2k6 commented Mar 8, 2021

Not an issue for me on Microsoft Windows [Version 10.0.19042.844] (20H2) with latest definitions

EDIT: I downloaded 4.3.3 from fosshub & re-installed over my previous installation etc.


@athelas64

For me, the qBittorrent is working now after being enabled in Windows Defender (which silently removed the app before).
However, I am using DEV version of Windows (21327.1000), so I guess it was a glitch.

@FranciscoPombal
Member

Whether it happens to some people and not others is not really relevant, as it does not change the fact that Microsoft has registered qBittorrent as malware in their database... #14489 (comment)

@space-orca

Has there been any word from Microsoft about why qBittorrent was blacklisted? Seems ridiculous to ban open source software as a threat, when its code is publicly available

@athelas64

Cannot comment on whether there is word from Microsoft, but Windows Defender keeps silently removing the software despite being explicitly allowed on the machine. This error is not reported on Windows Insiders Feedback Hub.
After allowing the quarantined software, qBittorrent works.... until the next restart.

@armaguedes

Has anyone tried running the PortableApps version of qBT? I would assume the end result would be the same, but it may be worth checking. [I'm running qBT v4.3.3x64 without issue, but WinDef has taken a backseat as I'm running Bitdefender AV (free edition).]

@fsmith9999

I had the same issue, where I was able to use utorrent as recently as yesterday. deleted and qbtorrent also blocked from installing.
However I did make a change in Windows Security (running Windows 10 Pro) to turn off the Check apps and files and the Potentially unwanted app blocking. This allowed me to install qBittorrent and run it. Don't know that I am going to stick with that long term, but at least it is a workaround for now.
Cheers.

@Chocobo1
Member

In the news: https://torrentfreak.com/utorrent-continues-to-be-flagged-as-severe-threat-and-its-not-alone-210318/

@Seeker2

Seeker2 commented Mar 23, 2021

This important enough to make it a pinned issue?

@glassez
Member

glassez commented Mar 23, 2021

> This important enough to make it a pinned issue?

How can we really fix it?


@rafi-d

rafi-d commented Mar 23, 2021

> > This important enough to make it a pinned issue?
>
> How can we really fix it?

Easy enough - just exclude the supposedly offending app in Win 10 Defender...

@jurgentreep

I've excluded the file in Windows Defender but when I try to install it it leads to this: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aWin32%2fTilevn.A&threatid=2147760578

@xavier2k6
Member

Although I didn't get a trojan, have encountered the PUA windows defender intervention for the 1st time with 4.3.4

@dpetroff

dpetroff commented Aug 5, 2021

Exclusion/whitelisting is not the answer. It's a workaround, and a bad one at that. I'm hoping dearly that some effort is put into solving this long term.

Abandon all hope. The contributors to this project have made it abundantly clear for over a year now on similar tickets that in their view:

  1. signing binaries is just not a thing that is at all necessary or beneficial for FOSS projects and distributing hashes that may be verified manually by the paranoid is a sufficient level of provenance;
  2. this is all Microsoft's fault anyway so they don't need to address it.

And who could blame them? The latest v4.3.7 has installed on my machine today without any Windows Defender complaints, so their stubborn stance has been partially validated. Will this stick? Maybe. Was anything solved? Nah, other people are still getting the warnings. But did they have to follow best practices? Hell naw - if it works for linux power users, it surely works for all.

@curryking3

4.3.7 just trying to update the program and melted down again because of windows defender. Tried to let it through defender and it wouldn't even let me access the downloads folder anymore and had to delete it through command prompt.

Really needs to be fixed otherwise it's just too much hassle to even update.


@rover-debug

Same issue occurred to me on latest 4.3.8. Even have windows defender app protection disabled

@paz

paz commented Nov 2, 2021

Haven't had this issue before but 4.3.9 was blocked when I downloaded the update. Using MS edge and win 10 21h1 19043.1288

@AnthonyBe

Yeah, I saw same with v4.3.9
It was detected as "PUA:Win32/QBitTorrent!torrent"
PUA stands for "Potentially Unwanted App"

@munrobasher

> Yeah, I saw same with v4.3.9 It was detected as "PUA:Win32/QBitTorrent!torrent" PUA stands for "Potentially Unwanted App"

Same here on two Windows 10 systems.

@rafi-d

rafi-d commented Nov 4, 2021

Because M$ decided that torrent applications are potentially unwanted applications (PUA). They were blocking PUA in enterprise OS versions, currently they enabled it for everyone. https://www.windowslatest.com/2021/08/04/windows-10-will-automatically-block-potentially-unwanted-apps/

@duckimann

> Yeah, I saw same with v4.3.9 It was detected as "PUA:Win32/QBitTorrent!torrent" PUA stands for "Potentially Unwanted App"

Same here. Windows def has a lot of false positives :(

@yontekh

yontekh commented Nov 6, 2021

This just happened to me as well, I am on Windows 10 HOME edition
I used to always completely disable Windows Defender using registry edits and such, but was too lazy to do it this time around, but now I am sure I will never allow it to run again.

And I blame Microsoft. Because you cannot argue that this app is PUA more than any other program is "Potentially" unwanted.

@paz

paz commented Nov 7, 2021

is there anything that matches up with how good win defender is for a free antivirus? or should I just disable the PUP thing and move on.. i heard eset or kaspersky are decent ..

@rafi-d

rafi-d commented Nov 7, 2021

> is there anything that matches up with how good win defender is for a free antivirus? or should I just disable the PUP thing and move on.. i heard eset or kaspersky are decent ..

The correct way is to exclude the false positives, not disable all PUP detections.
I am happy with Avast (+ Defender)
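
The narrow allow discussed above, as an added example that is not part of the thread or the project: it verifies the installer hash, checks that only the two PUA threat IDs linked in this thread fired, and allows just those IDs while leaving PUA protection enabled. `$Installer` and `$PublishedSha256` are placeholder parameters you supply; run it from an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. $Installer and $PublishedSha256 are
# placeholders: take the hash from the project's official download page.
param(
    [Parameter(Mandatory)] [string] $Installer,
    [Parameter(Mandatory)] [string] $PublishedSha256
)

# Threat IDs taken from the Microsoft encyclopedia links quoted in this thread:
#   292801 = PUA:Win32/QBitTorrent, 236113 = PUA:Win32/QBitTorrent!torrent
$PuaThreatIds = 292801, 236113

# 1. Verify the download before trusting it. A mismatch means the file is not
#    the published release, so it must not be allowed.
$actual = (Get-FileHash -LiteralPath $Installer -Algorithm SHA256).Hash
if ($actual -ne $PublishedSha256.Trim()) {     # -ne ignores case for strings
    throw "SHA-256 mismatch for $Installer (got $actual); not allowing it."
}

# 2. List Defender detections that reference this file name.
$leaf = [regex]::Escape((Split-Path -Leaf $Installer))
$hits = @(Get-MpThreatDetection | Where-Object { $_.Resources -match $leaf })
$hits | Select-Object ThreatID, InitialDetectionTime, Resources | Format-List

# 3. Stop if anything other than the two PUA signatures fired (for example the
#    Trojan detection reported in the thread); that needs investigation.
$unexpected = @($hits | Where-Object { $_.ThreatID -notin $PuaThreatIds })
if ($unexpected.Count -gt 0) {
    throw "Non-PUA detection(s): $($unexpected.ThreatID -join ', ')"
}

# 4. Allow only those threat IDs. PUA protection stays on for everything else.
foreach ($id in $PuaThreatIds) {
    Add-MpPreference -ThreatIDDefaultAction_Ids $id -ThreatIDDefaultAction_Actions Allow
}

# 5. Confirm PUA protection was not weakened (0 = off, 1 = on, 2 = audit).
if ((Get-MpPreference).PUAProtection -ne 1) {
    Write-Warning 'PUA protection is not in block mode on this machine.'
}
```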

@icedterminal

It's gotten worse with 4.3.9. Once launching the installer, Defender takes it away from you and puts it in quarantine.

PUP Detection Trojan on launch
pup trojan

@jamiew0w

jamiew0w commented Jan 1, 2022

hello qbittorrent team,

i understand your guys stance, but I must ask has there been any pro-active communication with microsoft?

https://www.microsoft.com/en-us/wdsi/filesubmission

from what i can glean, signing the releases should help substantially too. is this something you guys and girls are planning on doing?

i think it's important we get a yes/no answer. right now, this issue is left in limbo and swept under the rug (why is it closed?)

thanks in advance, and love qbittorrent!

@rafi-d

rafi-d commented Jan 1, 2022

> has there been any pro-active communication with microsoft?

Why don't you [re]submit it? Anyone can.
I am guessing it is closed since there is nothing that can be done, code-wise...

@jamiew0w

jamiew0w commented Jan 1, 2022

> > has there been any pro-active communication with microsoft?
>
> Why don't you [re]submitted it? Anyone can. I am guessing it is closed since there is nothing that can be done, code-wise...

It needs to be submitted as a developer and impersonating qbittorrent maintainers isn't going to help.

@rafi-d

rafi-d commented Jan 1, 2022

> > > has there been any pro-active communication with microsoft?
> >
> > Why don't you [re]submitted it? Anyone can. I am guessing it is closed since there is nothing that can be done, code-wise...
>
> It needs to be submitted as a developer and impersonating qbittorrent maintainers isn't going to help.

Not if you enter under "Home Customer"

@jamiew0w

jamiew0w commented Jan 1, 2022

> > > > has there been any pro-active communication with microsoft?
> > >
> > > Why don't you [re]submitted it? Anyone can. I am guessing it is closed since there is nothing that can be done, code-wise...
> >
> > It needs to be submitted as a developer and impersonating qbittorrent maintainers isn't going to help.
>
> Not if you enter under "Home Customer"

@rafi-d , please stop trying to derail this issue, this isn't a forum. It needs maintainer clarification.

@duckimann

Correct me if i'm wrong: I remembered they said somewhere that they will not deal with this PUA thing anymore, that's MS problem.

@rinick

rinick commented Aug 17, 2022

Installing Avira or any other antivirus software should solve the problem.

@jpegxguy

jpegxguy commented Nov 6, 2022

You can disable Potentially Unwanted Apps protection in Defender Settings. You guys could try that if and only if the explicit exclusion of the .exe doesn't work

@jpeg115

jpeg115 commented Nov 14, 2022

Kaspersky is also blocking it now....
