Closed RobustCoder closed 2 years ago
Someone is running a BitTorrent client at IP address 199.83.203.104 on port 51834.
BiglyBT attempts to connect to that peer using the BitTorrent protocol.
MalwareBytes intercepts the connection and, for reasons only known to itself, decides to waste your time with a "look at me, I'm so worthwhile" popup.
Try complaining to MalwareBytes, it isn't anything to do with BiglyBT...
Why would "BiglyBT Launcher" connect to any outside peer at this point?
Recall: while I had been torrenting earlier yesterday, at the time I took this screenshot, I had long ago shut down the BiglyBT GUI since all my torrents were done. I did not even know that "BiglyBT Launcher" was a background process until MBAM popped up that warning.
"BiglyBT Launcher" is the BiglyBT runtime process, dunno why it is still hanging around, perhaps MBAM caused it to hang.
The hanging around is mildly bad. But its attempting to contact peers even though I no longer have any active torrents is bad.
Things are active while it is shutting down - DHT traffic for example.
I just solved one mystery.
Opening BiglyBT on my system creates a "BiglyBT Launcher" process in the Apps section of Windows 10's Task manager.
In the GUI, I thought that I was shutting it down by clicking on the "X" in the top right part of its window. But all that does is close the BiglyBT window! It still leaves the "BiglyBT Launcher" process running, albeit, in Task manager it is now classified under "Background processes" instead of "Apps".
So that is why the "BiglyBT Launcher" process was still running.
In order to really shut it down, in the GUI, instead of clicking on the "X", what you have to do is File --> Exit.
Is there a reason why clicking on the "X" does not really shut it down?
See Options->Interface: Close minimizes to System Tray
> Things are active while it is shutting down - DHT traffic for example.
That is likely what was triggering MBAM when my "BiglyBT Launcher" process was still running as a background process.
Just out of curiosity, if I have no torrents, why does BiglyBT need to engage in any DHT or other traffic?
> See Options->Interface: Close minimizes to System Tray
Thanks, config change done.
Maintaining the DHT generates traffic in the absence of torrents - it is responsible for storing values close to its location in the DHT namespace for example.
OS and version: Windows 10 for Workstations, fully patched
BiglyBT Version Number 3.0.0.0, the very latest as of today
I was running BiglyBT earlier today, all my torrents finished downloading (and I seeded until I shared back 1.10 X), so I shut down the BiglyBT GUI.
But every now and then, Malwarebytes (MBAM) pops up a warning like in the attached file. (After I shut down the BiglyBT GUI, I re-enabled MBAM's "Real-Time Protection" / "Web Protection" that I had earlier turned off while torrenting.)
I can see in Windows Task Manager that BiglyBT left a background process running named "BiglyBT Launcher".
Why is that process calling out to different IP addresses that MBAM thinks host trojans?