Plex HTPC - Win32/DefenseEvasion.A!ml - Defender quarantined Plex HTPC exe as severe

Just updated to latest ver Plex HTPC and got the following virus found by Windows Defender in Plex HTPC exe.

Win32/DefenseEvasion.A!ml

Playing a locally made video file 10 minutes in.

Anyone else?

Windows Defender (Win 11) has quarantined Plex HTPC exe and a few other Plex HTPC files.

It is not the video file.

Something in the new update as Defender has had no issue prior to installation of the update today.

Suspect a false positive but something has changed in the Plex HTPC exe that is causing the detection.

Edit - have submitted the results to MS for evaluation. On chat atm.

Edit 2 - virus submission reports escalated to Level 2 at MS. Remote calls appear to be the issue.

Same for me yesterday, however flagged as a different virus.

Trojan:Win32/Bearfoos.A!ml

Affected paths attached.

Have we heard anything from Plex directly regarding this?

This occurs whilst carrying out an in-place upgrade and clean install with fresh .exe download.

Nath

I can’t reproduce these results here.
Are you using Plex servers which are hosted in a datacenter, perhaps?

Self hosted, running Mint 21.

I can gather any info you require if you wish, client or server.

The platform isn’t important. Just the network location of the server.

No problem

Same.

I submitted the threat results and Plex details to my case with MS.

Suspect it is most likely a false positive.

I actually successfully installed the new version and got 10 minutes into a video before Defender flagged the threat to the Plex HTPC exe and link.

Defender automatically quarantined the exe and link which killed Plex HTPC.

This has actually happened to other users earlier this year (google search on Reddit).

Edit - even though likely a false positive this is the first ever virus/Trojan threat alert I have had on any computer I’ve owned in decades of using computers.

Anything new on this? Is it still flagged? I haven't updated to the newest version because of this.

I have played videos for hours. HTPC was never flagged as a virus by Windows Defender.

The issue is trojan detection, not a virus.

The new version does something unexpected by Defender that did not occur in the previous version.

Others have noticed the issue as well. The fact that not everyone experiences this is also an issue. Not atypical with trojan detection and/or false positives.

potato, potahto.
It wasn’t flagged.

Not at all actually.

The behaviour is totally different and most likely the reason for the false positive.

However, one would hope that given a number of us have posted a positive detection, Plex should have submitted the exe to MS for approval in definitions.

The fact you didn’t see any detection is part of the issue.

Hmm, I finally updated to the latest version and watched a movie, without any Windows Defender interrupts. I also did a forced virus scan on the install folder of Plex HTPC… nothing. I guess it’s not a problem I can reproduce either.

Perhaps definition updates have come through to update the issue.

I’ve had a dozen since the issue occurred.

As I said earlier, users in Reddit reported the same issue back in March.
