Kaspersky Reporting Malware Detected on Roon Installer [Answered False Positive - Whitelist Roon]

Today I received a notification from Kaspersky Anti-Virus about a malware on one of the Roon uninstall files:


Does anyone had a similar problem or was just me and I should be concerned?

Check out this Forum Search.

1 Like

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.


I’ve just tried to download RoonBridgeInstaller64.exe and it appears that Kaspersky Internet Security deletes this file as soon download is finished because it has found a Trojan in this file.
Trojan detected: UDS:Trajan-Ransom.Win32.Gen.hpa.
Does RoonBridgeInsatller64.exe could be really infected or is it a false detection?
Many thanks in advance for your answer.


You can check your copy of the file on virustotal to check if only one engine is detecting it (false positive) or the file is really infected.

Hi Pawel,

many thanks for the info.
I will check it.

Result: 3 engines are detecting it: Kaspersky, Zone Alarm and Tencent.

Adding @support so thay get notified.

Don’t assume that the file you downloaded is infected or indeed what you thought you downloaded. Given the insidious nature of this type of virus/ trojan one may already be at work on your PC. It’s best to be safe. Use Safe Mode to check processes etc. I rarely use Windows so can’t be more specific.

BTW, I downloaded RoonBridgeInstaller64.exe from roonlabs.com and it checked fine with Sophos.

Hi Martin,
I’m actually on my Fedora 24 computer and I’ve downloaded RoonbridgeInstaller64.exe with it and when i upload the downloaded file to https://www.virustotal.com/#/home/upload Ig et exactly the same result:
Trojan detected on 3/65 engines Kaspersky, Zone Alarm and Tencent.
Concerning my Windows computer I’ve made a deep analyse with Kaspersky and nothing has been detected on it.
Note that Sophos effectively detect nothing.

@support this could well still be a false positive but lets get the support boys aware so they can confirm this and if its all good take appropriate action with the virus repositories.

1 Like

That’s good to hear. You can’t be too careful, especially with ransomware.

Yes but it’s very amazing that just 3 antivirus engines detect it.
I’ve yet had problem of false positive with Kaspersky (corrected later) which is very protective.

not really, many use the same signatures

These are false positives, we run into them often with 2 of these 3 providers.

Whitelist it and move on. I wrote more on the subject here:

Hi Danny,

many thanks for the info. It is what I finally supposed as RoonBridge64 is running very well on my Windows PC player and didn’t get any attack. :wink:

I have had this exact problem with Bitdefender.

Norton is now doing the same thing. All of a sudden Roon would not launch.

Tried to re-install from RonnInstaller64.exe and Norton prevented the install and then deleted.


I had exactly the same problem today as well. I downloaded the software for windows 10 64-bit, and Norton prevented the installation and deleted the file immediately. Does anyone know what’s going on? Have the Admins at Roon been notified? It’s too bad because I was looking forward to seeing how this program works.

The Edge browser does the same thing, I had to use FireFox.

You can temporarily disable Norton, there’s nothing work with the download if you’re getting it straight from the Roon website.

We know and have asked Norton to add us to the whitelist, but it takes time. They keep breaking us every update.