Windows Defender alert

Hi,

I’m a long time Manictime user looking to maybe migrate to your product instead.

I downloaded the latest Windows install, and it triggered a Windows Defender alert;

Trojan:Win32/Bitrep.A on;

  • aw-qt.exe
  • aw-server.exe
  • aw-watcher-window.exe

Is this a known false positive?
I had a quick search, but couldn’t find any reference.

Cheers,
Andy.

We’ve had this before:

I’ve submitted it to Windows Defender Security Intelligence as a false positive. Thanks for reporting!

The Windows Defender Security Intelligence analysis said the files came back clean, are you using the latest malware definitions?

Just an FYI, there is also an issue with Norton (used for my work). Many of the AW Watcher files are being flagged as “Trojan.Gen.9” alerts (see screenshot).

I am manually adding exceptions (though my work may not like that, so we will see), but yeah, just a heads up. RescueTime is also installed, but not flagged, so there may be something that can be done there.

Edit: They are flagged as “Heuristic Virus” flags.

Possibly related - I had to uninstall it at work. It was just what I was looking for too. :frowning:

The security folks said:
The SOC received an alert indicating that a suspicious executable was detected on a host managed by your agency. It appears to be a PUP.

They didn’t explain what threw the flag. We can usually install third-party applications without issue.

Cheers,
Chris O.
Brooklyn! NYC

Have never heard of what a PUP is and the definition is apparently: “PUP’s or PUA’s are Potentially Unwanted Programs (or Applications)”.
Here’s the list of criterias which malwarebytes uses to determine PUP’s: https://www.malwarebytes.com/pup/

Hey,

I also had to uninstall ActivityWatch at work because the IT departments virus scan services were complaining:

https://www.virustotal.com/gui/file/719d89f30878809c3b8027fde40b7aea042cb9fcec373e9ba0384f79d76132f2/detection

This was version 0.8.4 though. Is there any chance this would be better with 0.9.2?

Cheers,
geka

There is likely no difference in 0.9.2.

We can’t do anything about virus scanners invalidly reporting the application as a virus except for contacting the company developing the anti-virus software and telling them that it is a false positive (which you usually have to do once for each version and that’s takes a huge amount of effort to do, especially considering how many anti-virus programs there are out there).