Windows Defender alert


I’m a long time Manictime user looking to maybe migrate to your product instead.

I downloaded the latest Windows install, and it triggered a Windows Defender alert;

Trojan:Win32/Bitrep.A on;

  • aw-qt.exe
  • aw-server.exe
  • aw-watcher-window.exe

Is this a known false positive?
I had a quick search, but couldn’t find any reference.


We’ve had this before:

I’ve submitted it to Windows Defender Security Intelligence as a false positive. Thanks for reporting!

The Windows Defender Security Intelligence analysis said the files came back clean, are you using the latest malware definitions?

Just an FYI, there is also an issue with Norton (used for my work). Many of the AW Watcher files are being flagged as “Trojan.Gen.9” alerts (see screenshot).

I am manually adding exceptions (though my work may not like that, so we will see), but yeah, just a heads up. RescueTime is also installed, but not flagged, so there may be something that can be done there.

Edit: They are flagged as “Heuristic Virus” flags.

Possibly related - I had to uninstall it at work. It was just what I was looking for too. :frowning:

The security folks said:
The SOC received an alert indicating that a suspicious executable was detected on a host managed by your agency. It appears to be a PUP.

They didn’t explain what threw the flag. We can usually install third-party applications without issue.

Chris O.
Brooklyn! NYC

Have never heard of what a PUP is and the definition is apparently: “PUP’s or PUA’s are Potentially Unwanted Programs (or Applications)”.
Here’s the list of criterias which malwarebytes uses to determine PUP’s:


I also had to uninstall ActivityWatch at work because the IT departments virus scan services were complaining:

This was version 0.8.4 though. Is there any chance this would be better with 0.9.2?


There is likely no difference in 0.9.2.

We can’t do anything about virus scanners invalidly reporting the application as a virus except for contacting the company developing the anti-virus software and telling them that it is a false positive (which you usually have to do once for each version and that’s takes a huge amount of effort to do, especially considering how many anti-virus programs there are out there).

I am not sure whether something changed, but Win 10 security is reporting aw-qt.exe as potentially unwanted application, which is definitely not the same as reporting it as a virus.
It means, that it evaluated the behavior of the application and it considers what it does as a dangerous behavior (for example from the privacy point of view or accessing system things regular apps shouldn’t access).
As other tracking apps are not labeled this way, the question is what Activity watch does, that it triggers these detectors.
Seems like Win security is not the only one detecting some suspicious behavior in the exe either.

This has unfortunately been the case for long, it’s just that people have uploaded false positives to antivirus vendors and it got removed. But then again after each activitywatch update they often pop up again and it goes all over again.
We can’t do much about it since antivirus vendors very rarely tell developers why they detect it as malware, which I guess makes sense from their point of view as then actual malware would be able to know how to avoid being detected as malware.

I think the follwing issue is the most up to date: