I am writing to report a critical security issue with your latest Windows installer package.
My security system and VirusTotal.com have detected and flagged a Trojan virus embedded within the executable file. Please verify the integrity of your current build and investigate a potential compromise of your distribution pipeline immediately.
Looking forward to your swift response and confirmation of a clean release.
Thank you for taking the time to report this — we understand why a security flag can be alarming.
After reviewing the VirusTotal results you shared, we can see that only 2 out of 42 security vendors flagged the file, while the remaining 40 found nothing. This is a classic false positive — a situation where antivirus software incorrectly identifies a legitimate file as malicious based on superficial pattern matching rather than actual malicious behavior.
A few points to reassure you:
- The Roon installer is digitally signed by Roon Labs — you can verify this by right-clicking the file → Properties → Digital Signatures. A valid signature confirms the file has not been tampered with.
- The two vendors that flagged it (Jiangmin and VBA32) are known to produce a higher rate of false positives, particularly with NSIS-based installers. Major engines such as Microsoft Defender and Bitdefender — none of which flagged this file — are far more reliable indicators.
- We checked older Roon installer builds and the same two vendors flag them identically, regardless of version. This confirms the detection is a persistent false positive specific to these engines and not indicative of any actual threat.
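
The signature check described in the reply above can also be run from PowerShell. This is an added example, not part of the original thread and not Roon Labs' own tooling; the file path is a placeholder, and matching on the string 'Roon Labs' in the certificate subject is an assumption based on the publisher name given in the reply.

```powershell
# Added example: command-line equivalent of Properties > Digital Signatures,
# plus the SHA-256 of the file for comparison with a scan report.
function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: substring expected in the signing certificate's subject.
        [string]$ExpectedPublisher = 'Roon Labs'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Validates the Authenticode signature against the file contents and the
    # local certificate trust store.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $cert    = $sig.SignerCertificate
    $subject = if ($cert) { $cert.Subject } else { $null }

    [pscustomobject]@{
        File            = $Path
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = $subject
        Thumbprint      = if ($cert) { $cert.Thumbprint } else { $null }
        # A countersigned timestamp keeps the signature verifiable after the
        # signing certificate expires.
        Timestamped     = [bool]$sig.TimeStamperCertificate
        # True only when the signature validates AND names the expected publisher;
        # a valid signature from some other publisher is not a pass.
        PublisherMatch  = ($sig.Status -eq 'Valid') -and
                          [bool]$subject -and
                          ($subject -like "*$ExpectedPublisher*")
        Sha256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Placeholder path: point this at the installer you actually downloaded.
Test-InstallerSignature -Path "$env:USERPROFILE\Downloads\installer.exe" | Format-List
```

A `SignatureStatus` of `HashMismatch` means the file contents changed after signing, and `NotSigned` means there is no signature to check. The `Sha256` value can be compared with the hash shown on the VirusTotal report to confirm that the report is for the same file.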