Ask Your Question

Do you think this is a false positive or a real threat?

asked 2016-10-20 09:14:10 +0200

Gjordis gravatar image

image description

Sorry about the crop.

Got this scan result from Windows Defender, do you think this might be a false positive, contamination from an external source or rtf-document etc or bad download of libre-office from somewhere?

edit retag flag offensive close merge delete


Libreoffice stopped working and I got the same warning from Windows Defender this morning, under W10, wonder if it is a false positive as well.

javibi gravatar imagejavibi ( 2016-10-20 09:41:49 +0200 )edit

I have just had the same issue Libreoffice stopped whilst i was working on a document and Defender said I was infected as above. Then told to restart PC as threat was severe. Did so and now Libreoffice not working. Worried to install LOffice again in case same thing happens. Hasd updated LOffice on the 2nd Oct

Ron05 gravatar imageRon05 ( 2016-10-20 10:16:11 +0200 )edit

I have just had the same problem on Win 7 with microsoft security essentials. I was running LO 5.1.5. My wife's PC has LO 5.1.2 again on Win 7 and mse reported no problems.

mdg gravatar imagemdg ( 2016-10-20 13:26:48 +0200 )edit

I also received this notification from Microsoft System Center Endpoint Protection. I installed the Still version of LibreOffice from the LibreOffice web site a few days ago. I have been noticing problems getting Microsoft Excel to close yesterday and also once or twice LibreOffice apps.

Jeff_Engineer gravatar imageJeff_Engineer ( 2016-10-20 17:09:02 +0200 )edit

My PC sent loads of Phish until MSE quarantined LO 5.1.5 - I got 6 "mail delivery failed" messages this morning.

I've installed 5.1.4 and MSE doesn't object.

mdg gravatar imagemdg ( 2016-10-21 14:56:27 +0200 )edit

9 Answers

Sort by » oldest newest most voted

answered 2016-10-20 11:48:34 +0200

karolus gravatar image

Uninstall "Windows Defender" or wait … better uninstall "Windows 10"!

edit flag offensive delete link more


Compared to stackoverflow, this place has a really different definition for answer.

Gjordis gravatar imageGjordis ( 2016-10-20 11:56:32 +0200 )edit

Sorry, but with the lack of information from where you download LibreOffice nobody can give a clear advice…

Most probably its False positive !!

karolus gravatar imagekarolus ( 2016-10-20 12:05:56 +0200 )edit

Sry, I tried to edit my post, but cannot. I do not know where the LibreOffice is downloaded from. Most Likely from the official site, because out marketing assistant downloaded it and she wouldn't know where else to search.

Gjordis gravatar imageGjordis ( 2016-10-20 12:21:27 +0200 )edit

In my case I installed directly from LibO when it recommended in Help to update to latest version. The documents I was working on when it stopped were all my own not downloaded from anywhere.

Ron05 gravatar imageRon05 ( 2016-10-20 12:35:06 +0200 )edit

@Ron05: your problem is M$E/WinDefender. Quit using it.

rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:37:53 +0200 )edit

answered 2016-10-20 13:06:27 +0200

paul1149 gravatar image

I would uninstall or at least disable Defender, and install Panda free. Then reinstall LO.

edit flag offensive delete link more

answered 2016-10-20 17:18:24 +0200

mark_t gravatar image

I tried to reproduce the issue by downloading latest updates for windows defender, but do not see the problem. Using LibreOffice 64 bit on windows 8.1.

Latest Windows defender update installed was Created on 20 Oct 2016 at 06:15.

Previous version I had was 1.229.1970.0. Suspect I skipped the bad version.

Suspect this was a false positive from windows defender that has been corrected in latest updates. Maybe others could confirm the version of windows defender updates causing the problem.

For those affected, I think update windows defender and then re-install your LibreOffice to repair any component that might have been removed.

edit flag offensive delete link more


From the event log, the 'bad' version appears to be (or at least include):

Signature Version: AV:, AS:, NIS:
Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

Having now updated the definitions to it is no longer marked as infected.

thnz gravatar imagethnz ( 2016-10-21 01:44:07 +0200 )edit

answered 2016-10-20 10:49:44 +0200

KK gravatar image

Same thing happened here about an hour ago. Defender detects this as threat and put that file in to quarantine. No way to open my Libreoffice files. Avast is still scanning my disk at the moment, but I think that's a false positive.

edit flag offensive delete link more



rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:37:05 +0200 )edit

answered 2016-10-21 10:33:11 +0200

This morning I have the same problem (Windows 10) and now my LO 5.1 doesn't work.

Windows defender: Versione client antimalware: 4.10.14393.0 Versione motore: 1.1.13202.0 Definizione antivirus: Definizione antispyware: Versione motore Network Inspection System: 2.1.12706.0 Versione definizione Network Inspection System:

Categoria: Trojan

Descrizione: Questo programma è pericoloso ed esegue comandi ricevuti dall'autore dell'attacco.

Azione consigliata: Rimuovi questo software immediatamente

Elementi: file:C:\Program Files (x86)\LibreOffice 5\program\soffice.bin

edit flag offensive delete link more

answered 2016-10-21 11:59:29 +0200

The same happened to me: yesterday I reinstalled LibreOffice_5.1.5_Win_x86.msi on my Win7 PC and only then could I access my ODF documents. Again, this morning MSDefender showed the same dialog as Gjordis (see above). Today I will update MSD and reinstall LO5.1.5 again ... Maybe a False Positive, see also

edit flag offensive delete link more


The same for you, quit using that piece of shit M$E.

rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:34:50 +0200 )edit

answered 2016-10-21 15:03:50 +0200

mdg gravatar image

updated 2016-10-21 16:10:02 +0200

karolus gravatar image

My PC sent loads of Phish until MSE quarantined LO 5.1.5 - I got 6 "mail delivery failed" messages this morning.

The email was:


There is something important I need to tell you, that you'd really like to hear, so please read it here /edit:probably spam-url removed /edit by karolus

Cheers, daniel.karger

I've installed 5.1.4 and MSE doesn't object.

I'm putting this here as well as in a comment to the first post to make sure that people see it.

edit flag offensive delete link more


You need to quit using that piece of shit called M$E/WinDefender and use something else, such as Bitdefender (we've mostly used Avast but tests have shown it's worse than the reputation says, where Bf has been nearly perfect, so I'm planning migration). Although Spybot Search & Destroy is great, its module called Tea Timer wastes CPU with its realtime monitoring so don't activate that.

If you insist on using LO Still versions, take it from !

rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:33:32 +0200 )edit

CONTINUATION: Any malware alert about without separate warning is a false positive.

rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:34:03 +0200 )edit

answered 2016-10-20 14:33:45 +0200

TYB gravatar image

updated 2016-10-20 16:15:39 +0200

pierre-yves samyn gravatar image

Même punition depuis ce matin.

Après désinstallation et réinstall de libre office, même message de defender. J'ai passé MByte sans pb.

En espérant qu'il s'agit bien d'un faux positif, et faute de mieux, j'ai mis 'soffice.bin' dans les exclusions via les paramètres de defender et ça fonctionne, mais c'est tout de même bizarre et embêtant qu'une simple mise à jour de defender plante libre office.

En espérant que ça aide.

EDIT 16:00

Après nouvelle maj de Defender, l'alerte a disparu.


After updating Defender, the alert has disappeared.

edit flag offensive delete link more

answered 2016-10-20 10:53:02 +0200

IGraham gravatar image

Same for me, defender removed something and now Libreoffice not working

edit flag offensive delete link more



rautamiekka gravatar imagerautamiekka ( 2016-10-21 18:36:42 +0200 )edit
Login/Signup to Answer

Question Tools



Asked: 2016-10-20 09:14:10 +0200

Seen: 1,096 times

Last updated: Oct 21 '16