Syncthing flagged as malware when executed

Hi! New to Syncthing here. I’ve tried downloading version 1.27.5 of the Windows app, both the basic one and the wrapper from these links:

Both of them are getting flagged by Microsoft Defender SmartScreen when started as unrecognized, potentially unsafe apps. Was wondering if it’s some kind of signature issue of sort and if it was to be expected. I’ve searched a bit online but found nothing recent.

A Microsoft SmartScreen warning does not mean that it was “flagged as malware”.

One of the factors Microsoft uses in SmartScreen metrics is the number of downloads of a specific binary. If only a few Windows computers are known to be running this binary, the “untrusted” factor is higher, which may trigger SmartScreen warnings. Once more computers have downloaded the binary, the warning disappears.

Given that 1.27.5 has only been released a few hours ago, the “untrusted” factor for SmartScreen is likely still high. It will probably decrease in the next few days, likely supressing the SmartScreen warning.

Also see Microsoft Defender SmartScreen overview - Windows Security | Microsoft Learn

PS: As far as I know, digitally signed Windows binaries have a much higher base “trustedness” for Windows SmartScreen and are much less likely to trigger SmartScreen warnings compared to unsigned binaries. The syncthing binaries are properly code signed, so either Microsoft has changed their internal scoring system, or perhaps your computer couldn’t validate the signature. What does it say when you right click on the binary → Properties → Digital Signatures?

Sorry for the late reply. It still happens. Message is (transalated from italian): “Windows Defender SmartScreen prevented an unrecognized app from starting warning” So yeah might just be a reputation thing. In the digital signatures section of the binary I have two valid keys from Stiftelsen Syncthing with date April 2nd 2024

I am in the same boat with Malwarebytes. I get a Trojan warning.

Report these as false positives to the vendor(s).

1 Like

I also use Malwarebytes and I agree that they flag it. Go into the settings for Malwarebytes and set up an exception and you will be able to use the software without a problem.

Malwarebytes also likes to complain about relay servers and if you do not need or use relay servers turn off that feature in the software and Malwarebytes won’t complain.