Do you think this is a false positive or a real threat?


Same for me, defender removed something and now Libreoffice not working


Uninstall “Windows Defender” or wait … better uninstall “Windows 10”!

Compared to stackoverflow, this place has a really different definition for answer.

Sorry, but with the lack of information from where you download LibreOffice nobody can give a clear advice…

Most probably its False positive !!

Sry, I tried to edit my post, but cannot. I do not know where the LibreOffice is downloaded from. Most Likely from the official site, because out marketing assistant downloaded it and she wouldn’t know where else to search.

In my case I installed directly from LibO when it recommended in Help to update to latest version. The documents I was working on when it stopped were all my own not downloaded from anywhere.

@Ron05: your problem is M$E/WinDefender. Quit using it.

I would uninstall or at least disable Defender, and install Panda free. Then reinstall LO.

Même punition depuis ce matin.

Après désinstallation et réinstall de libre office, même message de defender.
J’ai passé MByte sans pb.

En espérant qu’il s’agit bien d’un faux positif, et faute de mieux, j’ai mis ‘soffice.bin’ dans les exclusions via les paramètres de defender et ça fonctionne, mais c’est tout de même bizarre et embêtant qu’une simple mise à jour de defender plante libre office.

En espérant que ça aide.

EDIT 16:00

Après nouvelle maj de Defender, l’alerte a disparu.


After updating Defender, the alert has disappeared.

I tried to reproduce the issue by downloading latest updates for windows defender, but do not see the problem. Using LibreOffice 64 bit on windows 8.1.

Latest Windows defender update installed was Created on 20 Oct 2016 at 06:15.

Previous version I had was 1.229.1970.0. Suspect I skipped the bad version.

Suspect this was a false positive from windows defender that has been corrected in latest updates. Maybe others could confirm the version of windows defender updates causing the problem.

For those affected, I think update windows defender and then re-install your LibreOffice to repair any component that might have been removed.

From the event log, the ‘bad’ version appears to be (or at least include):

Signature Version: AV:, AS:, NIS:
Engine Version: AM: 1.1.13202.0, NIS: 2.1.12706.0

Having now updated the definitions to it is no longer marked as infected.

This morning I have the same problem (Windows 10) and now my LO 5.1 doesn’t work.

Windows defender:
Versione client antimalware: 4.10.14393.0
Versione motore: 1.1.13202.0
Definizione antivirus:
Definizione antispyware:
Versione motore Network Inspection System: 2.1.12706.0
Versione definizione Network Inspection System:

Categoria: Trojan

Descrizione: Questo programma è pericoloso ed esegue comandi ricevuti dall’autore dell’attacco.

Azione consigliata: Rimuovi questo software immediatamente

file:C:\Program Files (x86)\LibreOffice 5\program\soffice.bin

The same happened to me: yesterday I reinstalled LibreOffice_5.1.5_Win_x86.msi on my Win7 PC and only then could I access my ODF documents. Again, this morning MSDefender showed the same dialog as Gjordis (see above). Today I will update MSD and reinstall LO5.1.5 again … Maybe a False Positive, see also

The same for you, quit using that piece of shit M$E.

My PC sent loads of Phish until MSE quarantined LO 5.1.5 - I got 6 “mail delivery failed” messages this morning.

The email was:


There is something important I need
to tell you, that you’d really like
to hear, so please read it here
/edit:probably spam-url removed /edit by karolus

Cheers, daniel.karger

I’ve installed 5.1.4 and MSE doesn’t object.

I’m putting this here as well as in a comment to the first post to make sure that people see it.

You need to quit using that piece of shit called M$E/WinDefender and use something else, such as Bitdefender (we’ve mostly used Avast but tests have shown it’s worse than the reputation says, where Bf has been nearly perfect, so I’m planning migration). Although Spybot Search & Destroy is great, its module called Tea Timer wastes CPU with its realtime monitoring so don’t activate that.

If you insist on using LO Still versions, take it from !

CONTINUATION: Any malware alert about without separate warning is a false positive.