Home / GitHub Page

Symantec Flagged Heuristic Virus

Upon installation of Joplin 1.0.220 (prod, win32) on my Windows 10 Pro machine, Symantec Endpoint Detection flagged a file (Heur.AdvML.B) as Malware with a sub category being Heuristic Virus. I tried to see if anyone else’s AV flagged this for Joplin, but I wasn’t able to find anything. It appears there are other open source projects on GitHub that have run into this issue as well due to a lack of code-signing certificates. I’m fairly confident this is a false-positive, but I do think the issue should be addressed. If there is anything I can do to help resolve the issue, please let me know. I look forward to the challenge.


Where was this file located? It’s possible that you have malware on your system and it is injecting it’s files into different folder.
Also, how did you install Joplin?

I searched for this file on my machine (ubuntu) and didn’t find anything matching under Joplin installs.

We had an instance of false positive before, I forgot with which virus scanner. In the popup that tells you it’s a virus, is there any link to submit that it’s a false positive? Anti-virus vendors usually act in this feedback.

The windows app is signed actually but I guess their heuristic doesn’t take this into account.


My AV is Symantec Endpoint Protection. The image contains all the details that the AV provided me. I installed originally using the Windows installer found on the GitHub repo and used the in-app update notifications to download the new updates. I’m just curious what this file’s intended purpose is in the first place. I was still able to use Joplin effectively even after my AV removed the file. Additionally, I wasn’t able to find any additional threats on my computer with a full scan.

It might also be worth mentioning that my AV flagged and deleted the file during the installation update, so I wasn’t able to determine an actual path to the file.

@laurent I’ll look to see if there’s a way to submit feedback.

UPDATE: I uploaded a false positive submission to Symantec (https://symsubmit.symantec.com/false_positive?lang=en). However, I wasn’t able to upload the actual file/installer because their form and URL submissions limit to 100MB. I told them to contact me if they needed more details.

1 Like