MS Defender keeps glaffing Joplin SQLLite as RemoteShell

tconnz · 17 January 2021 20:29

Hi Team,

The last 3 versions of Joplin have been crashing or doing an infinite sync.
I believe its due to MS Defender blocking/quarantining 'C:\Users\user.config\joplin-desktop\database.sqlite-journal'

Threat Detected: Backdoor:PHP/Remoteshell.F

Could this be due to the content kept in the journals? I play a lot of CTFs which require exploits etc. Hence why I encrypt Joplin as well.

Has been working fine with these payloads for 6+ months, now on the latest versions its blocking the SQLite DB itself.

Anyone else having this?

Installed Version: 1.67
Tested against previous two versions for Windows
OS: Win10 1909

laurent · 17 January 2021 22:38

If there are malware samples in your database you need to exclude the path in MS Defender settings, as the data won't be crypted locally.

tconnz · 17 January 2021 23:11

Cheers for the response Laurent. Makes sense, I was under the impression that it was encrypted locally so thats good to know as these remote shells are old/gameified so will always be flagged.

system · 16 February 2021 23:11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Crazy encryption Support	1	77	25 October 2024
Windows Defender Quarantines Joplin.exe, Category: "Backdoor" Support	5	676	6 April 2024
Encryption not working? Support	3	615	19 February 2023
[Beta Test] Joplin 2.4.5 unable to activate end to end encryption Beta Testing	2	532	9 October 2021
Encryption Lounge	2	546	28 January 2021

MS Defender keeps glaffing Joplin SQLLite as RemoteShell

Related topics