Trojan in latest release?

I decided to give Syncthing a go, as it sounds like the perfect tool for a specific issue I’m facing.

However, upon downloading it, I get presented with two problems.

First, in the browser: image

And then, when I tell the browser to go ahead and download regardless:

I’m pretty sure that this is a false-positive. Just to make sure, but have you downloaded the Windows Setup from GitHub - Bill-Stewart/SyncthingWindowsSetup: Syncthing Windows Setup ?

My guess is that the service wrapper triggers this.

(what a steaming pile of shit this whole AV security theatre on Windows is)

1 Like

Yes, it is indeed downloaded from there.

I am also leaning towards false-positive, but I’m a bit too old (sensible? :thinking:) to just jump ahead without first checking with official sources :slight_smile:

You can skip the setup file and just use the official release:

Nice catch! Seems like 1.27.1 doesn’t contain the warning I got, so will test with that version first :slight_smile:

If you go through old issues at, you will see that these kind of false positive detections are nothing new. This is common for executables which aren’t digitally signed and are produced by unknown entities (i.e. not well-known software companies).

This is, indeed, a false-positive. I have submitted the 1.27.2 setup exe to Microsoft as a false-positive. From past experience this will probably get fixed in the next 24 to 48 hours.

1 Like

You can skip the setup file and just use the official release

Yes, but then you miss out on all the convenient automation from the Windows installer (which, incidentally, is the reason I built the installer in the first place :slight_smile: )

1 Like

The last few years there has been some news some botnet and other bad software is written in Golang. So those virus and malware scanner are probably false-positive detecting this.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.