starred/qBittorrent

Fork 0

mirror of https://github.com/qbittorrent/qBittorrent.git synced 2026-03-02 22:57:32 -05:00

Bitdefender Ransomware Positive Detection, hopefully "False" #7894

New issue

Closed

opened 2026-02-21 19:13:51 -05:00 by deekerman · 7 comments

deekerman commented

2026-02-21 19:13:51 -05:00

Owner

Originally created by @Quoddity on GitHub (Oct 10, 2018).

qBittorrent version and Operating System

qBittorrent version v4.1.3
Windows 7 Home, 64x, SP1
Bitdefender Total Security 2019. Build 23.0.10.31 (up-to-date as of today)

What is the problem

Bitdefender Ransomware Module is currently yielding a positive detection to certain actions in qBittorrent. It does not detect ransomware behavior when I use uTorrent 2.2.1. In my examples, it has always been a false positive, but I am wondering if there is a possible security hole here.

What is the expected behavior

qBittorrent is halted by the Ransomware detection module, and must be restarted until another positive detection halts qBittorrent.

Steps to reproduce

Any one of three separate actions seem to cause the ransomware module to halt qBittorrent. There are possible other actions which also cause it.

When a torrent completes downloading;
When I delete both torrent & file after completion from within qBittorrent (right click);
When I deselect one file (I think it's usually 100% downloaded, not sure) from multiple files from within one incomplete torrent. eg., deselecting the txt file which usually designates where the file was downloaded from.

Extra info(if any)

This is not urgent, since I can exclude qBittorrent from the Ransomware Detection module, but my concern is a possible security hole (or a faulty detection method on BitDefender's side).
I suspect the false positive is being caused by how qBittorrent is moving files in all of the above reproducible steps. (In example #3, qBittorrent will create a subfolder entitled ".unwanted" and move the file in there.)
I have configured my system to keep incomplete torrents in a separate folder. Both folders are located on a secondary internal HD.
I have the same setup with uTorrent 2.2.1 and it does not cause the Ransomware detection module to detect anything suspicious.
For reasons independent of this problem, I reinstalled my OS and this behavior has repeated itself.

Originally created by @Quoddity on GitHub (Oct 10, 2018). ### qBittorrent version and Operating System qBittorrent version v4.1.3 Windows 7 Home, 64x, SP1 Bitdefender Total Security 2019. Build 23.0.10.31 (up-to-date as of today) ### What is the problem Bitdefender Ransomware Module is currently yielding a positive detection to certain actions in qBittorrent. It does not detect ransomware behavior when I use uTorrent 2.2.1. In my examples, it has always been a false positive, but I am wondering if there is a possible security hole here. ### What is the expected behavior qBittorrent is **halted** by the Ransomware detection module, and must be restarted until another positive detection halts qBittorrent. ### Steps to reproduce Any one of three separate actions seem to cause the ransomware module to halt qBittorrent. There are possible other actions which also cause it. 1. When a torrent completes downloading; 2. When I delete both torrent & file after completion from within qBittorrent (right click); 3. When I deselect one file (I think it's usually 100% downloaded, not sure) from multiple files from within one incomplete torrent. eg., deselecting the txt file which usually designates where the file was downloaded from. ### Extra info(if any) This is not urgent, since I can exclude qBittorrent from the Ransomware Detection module, but my concern is a possible security hole (or a faulty detection method on BitDefender's side). I suspect the false positive is being caused by how qBittorrent is moving files in all of the above reproducible steps. (In example #3, qBittorrent will create a subfolder entitled ".unwanted" and move the file in there.) I have configured my system to keep incomplete torrents in a separate folder. Both folders are located on a secondary internal HD. I have the same setup with uTorrent 2.2.1 and it does not cause the Ransomware detection module to detect anything suspicious. For reasons independent of this problem, I reinstalled my OS and this behavior has repeated itself.

deekerman

2026-02-21 19:13:51 -05:00

closed this issue
added the
Security
label

deekerman commented

2026-02-21 19:13:56 -05:00

Author

Owner

@FranciscoPombal commented on GitHub (Oct 13, 2018):

This is 100% not an issue with qBittorrent.
Either:
a) Btidefender is issuing a false positive;
b) A torrent you downloaded via qBittorrent contains actual ransomware.

@FranciscoPombal commented on GitHub (Oct 13, 2018): This is 100% not an issue with qBittorrent. Either: a) Btidefender is issuing a false positive; b) A torrent you downloaded via qBittorrent contains actual ransomware.

deekerman commented

2026-02-21 19:13:57 -05:00

Author

Owner

@Piccirello commented on GitHub (Oct 14, 2018):

From where did you download and install qBittorrent?

@Piccirello commented on GitHub (Oct 14, 2018): From where did you download and install qBittorrent?

deekerman commented

2026-02-21 19:13:57 -05:00

Author

Owner

@RayBomb87 commented on GitHub (Jan 1, 2019):

I got the same trouble.
qbittorrent v.4.1.5_x64

@RayBomb87 commented on GitHub (Jan 1, 2019): I got the same trouble. qbittorrent v.4.1.5_x64 ![capture_qbit](https://user-images.githubusercontent.com/37276078/50571573-4a16f580-0dae-11e9-8854-d654cc58049e.PNG)

deekerman commented

2026-02-21 19:13:58 -05:00

Author

Owner

@Dasonic commented on GitHub (Jan 30, 2019):

Also getting this issue. Happens across multiple torrents.

@Dasonic commented on GitHub (Jan 30, 2019): Also getting this issue. Happens across multiple torrents.

deekerman commented

2026-02-21 19:13:58 -05:00

Author

Owner

@colpocleisis commented on GitHub (Aug 9, 2019):

Had this issue as well, was downloading a trusted video file
qBittorrent v4.1.7 x64

Interestingly the file involved seems to be nvidia drivers

@colpocleisis commented on GitHub (Aug 9, 2019): ![seccenter_screen_00090](https://user-images.githubusercontent.com/43792114/62795370-dc1a7580-bad6-11e9-8f96-4701db6cb8b4.png) Had this issue as well, was downloading a trusted video file qBittorrent v4.1.7 x64 Interestingly the file involved seems to be nvidia drivers ![seccenter_screen_00091](https://user-images.githubusercontent.com/43792114/62795554-52b77300-bad7-11e9-9222-37fb6e48d590.png)

deekerman commented

2026-02-21 19:13:58 -05:00

Author

Owner

@FranciscoPombal commented on GitHub (Jan 22, 2020):

This is 100% not an issue with qBittorrent.
Either:
a) Btidefender is issuing a false positive;
b) A torrent you downloaded via qBittorrent contains actual ransomware.

or
c) you downloaded an infected qBittorrent installer/executable from an untrusted source.

@thalieht close please

@FranciscoPombal commented on GitHub (Jan 22, 2020): > This is 100% not an issue with qBittorrent. > Either: > a) Btidefender is issuing a false positive; > b) A torrent you downloaded via qBittorrent contains actual ransomware. or c) you downloaded an infected qBittorrent installer/executable from an untrusted source. @thalieht close please

deekerman commented

2026-02-21 19:13:58 -05:00

Author

Owner

@ghost commented on GitHub (Mar 11, 2020):

I faced the same issue once. It's probably due to how qBt renames files after completion(qB extension) just like a ransomware does after encrypting the files..
Definitely a false positive.

@ghost commented on GitHub (Mar 11, 2020): I faced the same issue once. It's probably due to how qBt renames files after completion(qB extension) just like a ransomware does after encrypting the files.. Definitely a false positive.