Malware warning by Windows Defender

Open rocapz opened this issue 11 months ago • 11 comments

I downloaded this program straight from the GitHub releases page. Could be a false warning, but I'll remove it until further notice.

v1.6.9

rocapz avatar Feb 11 '25 15:02 rocapz

Yes, this is a false warning. This file is used to communicate with the browser extension; see the source code at: https://github.com/GopeedLab/gopeed/blob/main/cmd/host/main.go

monkeyWie avatar Feb 12 '25 00:02 monkeyWie

https://www.virustotal.com/gui/file/5d3069fcefc5b686756c1b469a616cb6b6115ab7221c91a4e8a6cf43f1a456f3

Seems to be flagged by multiple antivirus software.

KevinMX avatar Feb 15 '25 14:02 KevinMX

Actually, it's the antivirus program's problem. Make sure to download Gopeed from GitHub or the official website and you'll be fine!

monkeyWie avatar Mar 10 '25 01:03 monkeyWie

Also encountered this problem. Windows Defender reports that it has detected a trojan. According to my observations, the problem started appearing in the last few versions, but never happened before.

rtmkrlv avatar Mar 17 '25 11:03 rtmkrlv

I found that there are no false alarms after upgrading the Go version to 1.24+.

monkeyWie avatar Apr 08 '25 09:04 monkeyWie

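It got flagged again... And it's not only Windows Defender flagging it; even Chrome shows a warning, so it can't be downloaded directly through the browser.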

charley008 avatar Apr 14 '25 03:04 charley008

Windows Defender warning on v1.7.0.

Also in VirusTotal

imheinrichlunge avatar Apr 24 '25 01:04 imheinrichlunge

1.7.0 still doesn't work.

xiaoxiyao avatar Apr 25 '25 02:04 xiaoxiyao

Windows Defender warning on v1.7.0.

Also in VirusTotal

Same for me. I understand software like Solara, or other software, but a harmless downloader software shouldn't be a problem.

12tae12 avatar May 20 '25 16:05 12tae12

I received this response from G DATA regarding why they classify host.exe as a PUP:

The submitted file is currently correctly detected by us as Win64.Riskware.Agent.UNJC6F (Engine B).

It is declared to be PUP (potentially unwanted program).

The file is a component of Gopeed, a modern download manager that can even support HTTP, BitTorrent, Magnet, etc. This file, host.exe, is used for communicating with the browser extensions. However, it uses a function called browser.OpenURL, which is formatted using a custom protocol (gopeed://). While this is all good and does not necessarily pose malicious intent, the function might be exploited to pass malicious parameters besides gopeed://, which might download or access malicious payloads. There is a higher chance of this happening, especially since the file is hosted on a GitHub repository.

The code of host.exe can be found here at github.com/GopeedLab/gopeed/blob/main/cmd/host/main.go

Maybe it could help.

rakleed avatar Jun 13 '25 04:06 rakleed
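
The G DATA reply quoted above is concerned with a URL opener receiving something other than a gopeed:// URL. The following is an added example, not code from the Gopeed repository, of a strict scheme check placed in front of an OS-level open call; `checkOpenTarget` and the sample URLs are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// allowedScheme is the only scheme the hypothetical host forwards to the OS.
const allowedScheme = "gopeed"

// checkOpenTarget (hypothetical helper) returns nil only when raw is a
// well-formed gopeed:// URL that may be handed to an OS-level URL opener.
func checkOpenTarget(raw string) error {
	// Reject spaces and control characters instead of trimming them, so the
	// string that was validated is byte-for-byte the string that gets opened.
	for _, r := range raw {
		if r <= 0x20 || r == 0x7f {
			return errors.New("space or control character in URL")
		}
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	// url.Parse lowercases the scheme, so GOPEED:// compares equal here.
	if u.Scheme != allowedScheme {
		return fmt.Errorf("scheme %q is not allowed", u.Scheme)
	}
	// Accept only the hierarchical form; gopeed:opaque and gopeed:/x are refused.
	if !strings.HasPrefix(strings.ToLower(raw), allowedScheme+"://") {
		return errors.New("URL must start with gopeed://")
	}
	return nil
}

func main() {
	// Constructed sample inputs, not taken from the project.
	samples := []string{
		"gopeed://create?params=abc",
		"GOPEED://create",
		"https://example.com/file.bin",
		"file:///tmp/example",
		"gopeed:opaque",
		" gopeed://create",
	}
	for _, s := range samples {
		fmt.Printf("%-32q -> %v\n", s, checkOpenTarget(s))
	}
}
```
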

In version 1.7.1, updater.exe is flagged as a threat by Windows Defender, just like host.exe.

gbostock avatar Jul 09 '25 05:07 gbostock