Malwarebytes warning of Trojan Activity in Syncthing

Hi Everyone, Just installed and been using Syncthing and am loving it :slight_smile: Today I got a popup from my Malwarebytes Antimalware telling me there was “Trojan Activity” linked to Syncthing and I wanted to run it by the developers so they can let me know if it is a false positive. If it is I will need to tell the Malwarebytes team that this is the case but they will likely ask questions so I wanted to be sure. Running the latest version. below are some screenshots of the alert:


The given IP address and port number matches a known relay server. Syncthing automatically connects to different relay servers by default, to have them available, if direct connections fail.

Connections to relay servers are safe, but relays are hosted by third parties. This means that their IP addresses can have bad reputations, for example because they also host Tor nodes, Spamservers or whatever. This is outside of the control of the syncthing project.


Many thanks for that - A lot to learn!!

I only need local LAN sync so have disabled Relays and Global Discovery and NAT traversal and this should stop these messages hopefully (as well as harden my configuration).

Many thanks for the steer in the right direction :slight_smile:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.