Bug report #21600
PDM:Trojan.Win32.Generic in qgis-bin.exe & qgis-bin-g7.exe by Kaspersky Endpoint Security 10 For Windows
| Status: | Closed | ||
|---|---|---|---|
| Priority: | Normal | ||
| Assignee: | - | ||
| Category: | Python plugins | ||
| Affected QGIS version: | 3.4.4 | Regression?: | No |
| Operating System: | Windows 7 64bit | Easy fix?: | No |
| Pull Request or Patch supplied: | No | Resolution: | invalid |
| Crashes QGIS or corrupts data: | Yes | Copied to github as #: | 29416 |
Description
Using Python plugin included. Work of plugin is walking directory tree contains hundreds of *.qgis project, read each project found and export few selected vector layers datas into GeoJson files.
After processing number of *.qgis files, Kaspersky kill qgis-bin.exe (or qgis-bin-g7.exe) process and move file into quarantine due to identify PDM:Trojan.Win32.generic.
Number of processed projects before kill by Kaspersky is different every run. Sometime it's about 30 another time more than 100.
I've confirmed this behaviour for 3.4.4-1 Madeira and 3.6.0 Noosa.
ibitexport.zip (35.5 KB)
kaspersky_report.txt 
(7.18 KB)
Related issues
History
#1
Updated by Giovanni Manghi over 5 years ago
- Status changed from Open to Feedback
I fail to see what is the QGIS issue here (that is tagged as infected by AV software?).
#2
Updated by Michał Klawon over 5 years ago
Direct scan by AV Kasperski did not found any infections in qGis files. Looks like heuristic AV scanner stops *.exe because actions taken by plugin seems like try to data theft...
Issue to close, this isn't qGis fault.
Maybe leave as info for other users using qGis together with AV software :-)
#3
Updated by Giovanni Manghi over 5 years ago
- Resolution set to invalid
- Status changed from Feedback to Closed
#4
Updated by Jürgen Fischer over 5 years ago
- Duplicated by Bug report #21752: qgis-ltr-bin.exe is eliminated by antivirus added
#5
Updated by Jürgen Fischer over 5 years ago
- Related to Bug report #21024: infected windows installer? added