qbittorrent / qBittorrent

qBittorrent BitTorrent client
https://www.qbittorrent.org

MalwareBytes premium reports qBitt connection #13840

Closed nikolayganovski1 closed 3 years ago

nikolayganovski1 commented 3 years ago

Please provide the following information

qBittorrent version and Operating System

v4.2.5 Windows 10 x64

What is the problem

MalwareBytes Premium (latest version 4.2.3) constantly (every 10-20 min, sometimes longer) reports that it found malware on an outbound connection for the qBittorrent application. Here is a screenshot: [image] It shows different IPs.

What is the expected behavior

MWB should not report anything for qBittorrent

Steps to reproduce

Not sure if the non-premium version of MalwareBytes AntiMalware can reproduce this, probably. Please have it and run a few torrents (seeding or downloading, it doesn't matter).

Extra info(if any)

I am downloading torrents from avistaz btw (kdramas). I will not add an exception for qBittorrent in the program, because I need my computer fully secure, because I make payments from it.

powerjungle commented 3 years ago

Immunet also detects the installs as malware when I download them.

nokti commented 3 years ago

Windows Defender and Malwarebytes Free 4.2.3 do not report anything on my machine (I'm running qBit 4.3.1 x64).

nikolayganovski1 commented 3 years ago

Maybe it only happens sometimes (on certain torrents). Here's more info from the program: [image] [image] I think there is no way to stop such attacks, since the essence of torrents is peer-to-peer?

FranciscoPombal commented 3 years ago

False positive. My guess is some kind of heuristic is getting triggered, making the AV think qBittorrent is a trojan, due to it making many outbound connections. Well, guess what, a BitTorrent client is supposed to make many outbound connections, with different protocols (TCP and μTP). Or, as your later comment suggests, maybe the AV maintains an (outdated/ineffective/misleading) IP blacklist (among other things, the corrupt AV companies are bought and paid for by terrorist organizations[1] such as the MPAA, RIAA, BREIN, etc. to list addresses potentially related to copy"""right""" """infringement""" as "malicious"), and it freaks out if qBittorrent happens to send data to a peer at that address, or if it makes requests to related trackers, which is completely normal.

[1]: disrupting the Free flow of information, culture, and knowledge is a crime against Humanity and an act of terrorism.

Now, it is certainly possible that an actual torrent can contain a virulent file. But even if you fully download it, you should still be fine as long as you don't run it/open it with some program (but in any case, your AV would probably quarantine it immediately before you were able to do anything with it).

You should not depend on an AV (a proprietary black-box piece of software running with administrative privileges on your machine) for your security if you are really serious about it anyway, but that's a discussion for another time.

I will not add exception for the qBittorrent on the program, because I need my computer fully secure, because I make payments from it

Funds are safu.