Hello Team,
I recently updated to v2.14.17 and whenever I open the desktop app, I get a warning from Windows Defender saying that there is a severe threat found and quarantined. When I check the Defender logs, it quarantined it due to a potential backdoor. Also, whenever I get the warning, the Joplin desktop app also gives an error about a plugin. I wonder if this is because of a false positive from the Windows Defender side or it is about my system, which might potentially be infected and causing this issue.
Hello, 100% of virus reports for Joplin so far have been false positives, so the best thing to do is to report it to Microsoft. Usually they have a link somewhere to do this.
This might be the issue, and I looked for the f753..md file but couldn't find it; it was probably deleted by the system. At least I don't get any warnings anymore.
It's in the tmp folder, which, if I'm guessing correctly, means it's something you'd opened with an external editor. Once the editor is done with the file, the file gets deleted from the hard drive and added back into the proper database, since Joplin doesn't store the notes as .md files normally.
Defender itself usually won't delete something without permission; it'd quarantine it and let the computer admin decide what to do, which makes me think it's Joplin itself that deleted the file.
It's really unexpected that an .MD file would be capable of very much, especially in this context, unless, as above, it has something being interpreted as a payload such as the EICAR string (but it likely won't be literally this, since you'd assume that one would be named explicitly by Defender if so).