Doant
Dec 09, 2025 Copper Contributor
System Center Configuration Manager: Trojan QGIS software false detection?
Hi, I’m not sure where to report or ask about this alert, so I’m posting here. I use SCCM to deploy the software QGIS (an open-source GIS application) to users’ computers using .msi installers. Re...
Dec 17, 2025
Hi Doant
This looks like a Defender false positive, not an actual QGIS infection.
The detection name Trojan:Win64/ScarletFlash.ASA!MTB indicates a machine-learning–based signature, and the alert is triggered inside the MSI CAB, not by executed code. This is common with large MSI installers like QGIS / OSGeo4W.
SCCM scans source and content locations, so Defender can flag installers even before deployment.
What to do:
- Verify the MSI hash matches the official QGIS release.
- Submit the file to Microsoft as a false positive via:
  https://www.microsoft.com/wdsi/filesubmission
  (Select Incorrect detection and include the detection name.)
- Optionally add a temporary Defender exclusion for the source path or file hash until signatures are updated.
Once Microsoft confirms it, updated Defender signatures will stop removing the installer.
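The hash check and the detection details needed for the submission, as an added PowerShell example that is not part of the reply above. The parameter names are hypothetical, the expected SHA-256 is assumed to be the checksum published for the exact QGIS release, and the script is assumed to run on a machine with the Defender cmdlets and an intact copy of the MSI.

```powershell
# Added example, not from the thread. -MsiPath and -ExpectedSha256 are
# hypothetical parameter names; supply your own source path and the checksum
# published for the exact QGIS release you deploy.
param(
    [Parameter(Mandatory)] [string] $MsiPath,
    [Parameter(Mandatory)] [string] $ExpectedSha256
)
$ErrorActionPreference = 'Stop'

# 1. Hash the installer as it is stored in the SCCM source location.
#    If Defender already removed it, hash a freshly downloaded copy instead.
$actual  = (Get-FileHash -LiteralPath $MsiPath -Algorithm SHA256).Hash
$hashOk  = $actual -eq $ExpectedSha256.Trim()   # string -eq is case-insensitive

# 2. Collect the Defender detections that reference this file, so the
#    detection name and resource path can be quoted in the submission.
$fileName   = [IO.Path]::GetFileName($MsiPath)
$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($fileName) } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ThreatName = $threat.ThreatName
            Detected   = $_.InitialDetectionTime
            Resources  = $_.Resources -join '; '
        }
    }

# 3. Report. A mismatch means the file is not the published release, and the
#    alert should not be treated as a false positive.
[pscustomobject]@{
    File        = $MsiPath
    ActualHash  = $actual
    HashMatches = $hashOk
    Detections  = @($detections).Count
}
$detections | Format-List

if (-not $hashOk) {
    Write-Warning 'SHA-256 does not match the published value. Do not exclude or redeploy this file.'
    exit 1
}
```

Only when `HashMatches` is true does it make sense to submit the file as an incorrect detection or to add a temporary exclusion.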