Since June 30, I believe, Kaspersky is flagging Syncthing as “not-a-virus”, but deletes the executable every time I try to restore and run it. Below are the exact details Kaspersky gives me.
"Deleted legal software that can be used by criminals to damage your computer or personal data not-a-virus:NetTool.Win32.TorJok.aa C:******\syncthing.exe Low "
I reported this to Kaspersky on 1st July with ticket ID KLAN-6471820464. Other than the auto-reply I’ve had nothing back. Perhaps, with you as a paying customer, they’ll actually put some effort into resolving the problem?
I’m still encountering the same behavior with Kaspersky Endpoint Security 10 for Windows.
I’ve reported it today as well but this can take time, obviously.
My workaround currently is to downgrade to syncthing version 0.14.29 (with the file syncthing-windows-amd64-v0.14.29.zip).
This version is not removed by Kaspersky (as of now), v.30, .31, and .32rc2 are removed.
I hope Kaspersky doesn’t add v.29 to their signature database…
I wonder if it’s something stupid like more malware being written in Go and their signatures actually triggering on parts of the runtime, or something like that.
Just a heads up. Nod32 has been flagging the Windows x64 build of syncthing.exe (v0.14.32-rc.2) as an infection for the past 36 hours or so. It’s reporting it as ‘a variant of Generik.BVOAMLP trojan’. I’ve just sent off a false positive report to samples@eset.com, so hopefully they will investigate and fix their definitions soon.
As this isn’t a bug a such, I thought it best to let you guys know here rather than on GitHub.
It’s been over a month and Kaspersky is still blocking syncthing. I’ve reported the issue a number of times to Kaspersky, but so far there has been no progress. Is anyone else still having issues?