MS Defender keeps glaffing Joplin SQLLite as RemoteShell

tconnz · 17 January 2021 20:29

Hi Team,

The last 3 versions of Joplin have been crashing or doing an infinite sync.
I believe its due to MS Defender blocking/quarantining 'C:\Users\user.config\joplin-desktop\database.sqlite-journal'

Threat Detected: Backdoor:PHP/Remoteshell.F

Could this be due to the content kept in the journals? I play a lot of CTFs which require exploits etc. Hence why I encrypt Joplin as well.

Has been working fine with these payloads for 6+ months, now on the latest versions its blocking the SQLite DB itself.

Anyone else having this?

Installed Version: 1.67
Tested against previous two versions for Windows
OS: Win10 1909

laurent · 17 January 2021 22:38

If there are malware samples in your database you need to exclude the path in MS Defender settings, as the data won't be crypted locally.

tconnz · 17 January 2021 23:11

Cheers for the response Laurent. Makes sense, I was under the impression that it was encrypted locally so thats good to know as these remote shells are old/gameified so will always be flagged.

system · 16 February 2021 23:11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Windows Defender Quarantines Joplin.exe, Category: "Backdoor" Support	5	326	6 April 2024
Encryption not ready , How to do it? Support	1	441	28 October 2022
[Beta Test] Joplin 2.4.5 unable to activate end to end encryption Beta Testing	2	466	9 October 2021
Help! Support	6	418	24 August 2021
Joplin Freezing on Linux Distros Running Kernel 5.5 Bug Update Support	22	3512	15 June 2020

MS Defender keeps glaffing Joplin SQLLite as RemoteShell

Related Topics