Kaspersky Reporting Malware Detected on Roon Installer [Answered False Positive - Whitelist Roon]

My Roon core running on my Win10 computer just disappeared, and then my Kaspersky antivirus is telling me the rooninstaller is infected with a trojan.
I then downloaded from the Roon Labs website and again Kaspersky is telling me the download is infected.
Any comment from Roon Labs? Has their site been hacked?

Mike

Hey @Michael_Cooper,

This is a false positive, which can happen from time to time as mentioned by our COO Danny here:

https://community.roonlabs.com/t/trojan-in-roonbridgeinstaller64-exe-false-positives/40557/11

The best solution is to whitelist Roon with Kaspersky and you shouldn't have any issues.

Thanks!
Dylan

I tried to update my clients to the latest version. Both of them have Kaspersky Antivirus Free installed.
On both clients the install fails and KAF reports a ransom trojan in the Roon installer:

This is a false positive detection. Please see Roon Installer for Windows - Infected with a trojan.

This comes up often.
https://community.roonlabs.com/t/roon-installer-for-windows-infected-with-a-trojan/47867/2?u=ged_hickman1

I use Kaspersky and I'm getting a message that Roon "Application performing dangerous activity characteristic of malware"

Detected: PDM:Trojan.Win32.Bazon.a

Should I be concerned? If not, does anyone know how to tell Kaspersky that all is ok?

Thanks in advance!

You're the 2nd one this week. It's fine.

Hey @James_Austin,

This is a false positive, which can happen from time to time as mentioned by our COO Danny here:

https://community.roonlabs.com/t/trojan-in-roonbridgeinstaller64-exe-false-positives/40557/11

The best solution is to whitelist Roon with Kaspersky and you shouldn't have any issues.

Thanks!
Dylan

Hi all, this is my first post on here.

After using Roon for some months now, Kaspersky Internet Security (Version 18) today decided that Uninstall.exe in file location - C:\Users\Name\AppData\local\Roon\Application\100400310\ was a virus which contained the above and has quarantined it. I don't know why it has suddenly decided this and am unsure if it's a false positive? I am obviously reluctant to restore the file to its original location just in case it has been infected.

I am running Windows 10 64bit and this is the first time since installing it that any virus has been flagged. My Core/Library is installed on my QNAP. The Roon interface still runs okay on my laptop which is not surprising as it's the Uninstall.exe that's been quarantined.

Any help with this would be greatly appreciated. Hope I've posted this in the right place. @support

It's not the first time this has been asked. It's a false positive.

https://community.roonlabs.com/t/trojan-in-roonbridgeinstaller64-exe-false-positives/40557/11?u=martin_webster

My Win 10 with Kaspersky also reported that the Uninstall.exe was a virus and removed it. Now you say it is a false positive, so I tried to restore the file, but as soon as it is restored Kaspersky removes it again. How do I stop Kaspersky from removing it again?

Try this: How to create an exclusion rule in Kaspersky Internet Security 2016

https://support.kaspersky.co.uk/12160

Hi Martin, thanks for your response, it's a bit more reassuring but a pity that we have to basically carry out a work around. I appreciate that the issue is likely to be a false positive by Kaspersky but it would be better if it could be resolved.

It can be difficult to find answers on the forums as they obviously grow longer by the day but it's great to know so many people are contributing.

Your response and assistance is much appreciated!

Antivirus programs look for a virus signature, not the whole virus program. Sometimes antivirus software will find a signature in legitimate programs – this is a false positive. Moreover, because viruses are getting more elaborate (polymorphic and metamorphic), heuristic (self-learning) techniques are used to identify viruses. This tends to have more false positives.

So, there's very little Roon Labs can do other than ensure their code is clean and safe at the point of download. You may find Windows Defender is more effective and less resource hungry than add-on antivirus packages.
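
An added example, not part of the thread and not Roon Labs' or Kaspersky's code: before excluding a flagged installer or restoring a quarantined file, its Authenticode signature can be checked to confirm the file is unmodified since the publisher signed it. The function name, the file path and the expected signer name are assumptions to be filled in by the reader.

```powershell
# Added example, not from the thread. The expected signer is a placeholder you
# supply after confirming the publisher name with the vendor.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may still be in quarantine): $Path"
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Common name (CN) of the signing certificate, or $null when unsigned.
    $signer = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    [pscustomobject]@{
        Path        = $Path
        SHA256      = $hash.Hash          # record this alongside any exclusion you create
        Status      = $sig.Status         # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer      = $signer
        Timestamped = [bool]$sig.TimeStamperCertificate
        # Exclude only when the signature verifies AND the CN is the one expected.
        OkToExclude = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedSigner)
    }
}

# Hypothetical usage; both values are placeholders.
# Test-InstallerSignature -Path '<path to flagged file>' -ExpectedSigner '<publisher CN>'
```

A `HashMismatch` status means the file changed after it was signed and should not be restored or excluded; `Valid` shows only that the file is what the publisher signed, not how it behaves.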

I had a lot of trouble with Kaspersky. I changed to Norton; all problems solved.

May be a silly question but, DO you even need to worry about the Uninstall.exe being deleted? Would you even need the program?

I'm personally wary of Kaspersky in view of its Russian connections. I have been very happy with WebRoot, which probably just means my data gets routed through the NSA before getting to the FSB. WebRoot gets excited every time I upgrade to a new build in Roon, but hasn't identified anything in Roon as a virus.

bearFNF, as a lifetime member I agree that I am extremely unlikely to leave Roon and therefore need to use the uninstall facility. However, there are times that a program needs to be uninstalled then reinstalled due to software conflicts with other programs etc. For this reason I would prefer that the file is not removed from the program.

Thanks andybob for your suggestion, I may look at WebRoot in the future.

I'd like to add that "Gen.hry" at the end of the "virus" name means Generic Heuristic, that is, Kaspersky didn't even find any virus signature in this file but its heuristic engine thought that this file had some functions or was constructed like other Trojan Ransom viruses. This heuristic engine was designed to catch new viruses before the virus signature is available. So, on the assumption that we trust Roon, it's a false positive. My Kaspersky also quarantined this file.

Or maybe this file is responsible for the membership fees we pay to Roon. :grin: