VideoHelp Forum




  1. Member
    Join Date
    Feb 2004
    Location
    Virginia
    On downloading the last couple of versions of yt-dlp.exe, I keep getting severe Trojan alerts from Microsoft Defender. Is this a false positive?
  2. Member
    Join Date
    Feb 2006
    Location
    United States
    yes, it is a false positive.
  3. Member
    Join Date
    Feb 2004
    Location
    Virginia
    Thanks, better safe than sorry these days.
  4. Where did you download it from?
    discord=notaghost9997
  5. Member
    Join Date
    Feb 2004
    Location
    Virginia
    I downloaded the exe file from Videohelp like always. The zip file with the source files from the author's site was okay. I'm also running Windows 10 with Defender.
  6. yes, it is a false positive.
    not only from this latest version, but already from previous versions you had this false warning.
  7. Member hydra3333
    Join Date
    Oct 2009
    Location
    Australia
    I feel reassured now that 2 anonymous users on the internet, one running "windows xp home sp2" say that code detected as a Trojan by (multiple) antivirus tools is OK.

    You have a Chinese bridge to sell? OK I'm in, how much?
    Last edited by hydra3333; 6th Nov 2021 at 17:08.
  8. You need to be downloading from the original source releases page. (Not videohelp or anywhere else.)
    https://github.com/yt-dlp/yt-dlp/releases

    For any issues contact the developer, Pukkandan, directly on Discord. There are no trojans in yt-dlp. Period.
    yt-dlp-help channel
    https://discord.gg/u9XrQgJU
    Last edited by codehound; 6th Nov 2021 at 17:17.
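
A way to check that a copy fetched from a mirror is byte-identical to what the project released, added here as an example (it is not part of any post in this thread and not yt-dlp's own code). It assumes you have a checksum list in the standard `sha256sum` format taken from the official releases page; the file contents and checksum list below are constructed.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

def parse_sums(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    sums = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue
        digest, name = parts[0].lower(), parts[1].lstrip("*").strip()
        if len(digest) == 64 and set(digest) <= HEX:
            sums[name] = digest
    return sums

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_download(path, sums_text, release_name=None):
    """Return 'match', 'mismatch' or 'unlisted' for a downloaded file."""
    name = release_name or os.path.basename(path)
    expected = parse_sums(sums_text).get(name)
    if expected is None:
        return "unlisted"  # no entry for this name: nothing was verified
    return "match" if sha256_file(path) == expected else "mismatch"

def demo():
    # Constructed stand-ins; a real check uses the downloaded .exe and the
    # checksum list obtained from the official releases page.
    official = b"constructed stand-in for the official release bytes"
    sums = hashlib.sha256(official).hexdigest() + "  yt-dlp.exe\n"
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "yt-dlp.exe")
        bad = os.path.join(d, "mirror-copy.exe")
        with open(good, "wb") as f:
            f.write(official)
        with open(bad, "wb") as f:
            f.write(official + b"\x00")  # one extra byte changes the hash
        return (check_download(good, sums),
                check_download(bad, sums, "yt-dlp.exe"),
                check_download(good, sums, "yt-dlp_min.exe"))

if __name__ == "__main__":
    print(demo())
```

A match shows the file is the one the publisher released; it says nothing about whether an antivirus verdict on that release is correct.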
  9. Member hydra3333
    Join Date
    Oct 2009
    Location
    Australia
    Thank you for the information,

    In fact, I did download it from there and it passed Windows Defender as OK for some days and then ... snap, it was detected as a serious trojan.

    I also submitted it to virustotal which showed one other antivirus tool also made a detection.

    I would really love for yt-dlp to be good and reliable, however the choices are:
    a) look at antivirus tool (paid and free) results and run with them
    b) rely on, essentially anonymous, usernames on the internet who claim it's OK

    It may well be OK !
    But it would still be more than silly to trust anonymous claims.
    Any, and every, security person on the planet will tell you that.


    EDIT:
    and having said that ... it's now deemed as OK by the latest Win Defender signatures, go figure.


    Virustotal yields one flag from "webroot" a/v as detecting "W32.Trojan.Gen", so choose your poison. One could suggest trusting the major a/v tool findings?

    And also ... yt-dlp_min.exe throws 3 detections, Yandex="Trojan.PWS.Disco!TadePtqLG+s" Jiangmin="Trojan.PSW.Python.eo" SecureAge APEX="Malicious"

    microsoft safety scanner
    https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safet...anner-download
    lets it pass.
    Last edited by hydra3333; 7th Nov 2021 at 22:53.
  10. You can look into the source code (if you know python) and compile yourself
    https://github.com/yt-dlp/yt-dlp#compile
    reports on false positive:
    https://github.com/yt-dlp/yt-dlp/issues/25
    Or you can run it directly through python
    python -m yt_dlp
    Or you can debug network activity of yt-dlp to see its Trojan activities or debug the python file
    If .exe's are a problem for you then you can install it with pip

    There can be false positives with antiviruses. If yt-dlp has harmed your PC in any way then we can talk, or you can open a GitHub issue; I am sure they will respond. If you do not have solid proof, please do not stop others from using an open source project.
    If you still do not trust it, don't use it then, I guess.
    Last edited by notaghost; 7th Nov 2021 at 23:03.
    discord=notaghost9997
  11. Member hydra3333
    Join Date
    Oct 2009
    Location
    Australia
    Originally Posted by notaghost
    If you do not have solid proof, please do not stop others from using an open source project.
    If you still do not trust it, don't use it then, I guess.
    Thank you for the good information.

    In regard to the 3rd last sentence, every security IT person would advise to the contrary! Avoid on suspicion. Also, detections by reputable industry standard a/v companies constitute solid proof vs reassuring statements by anonymous and unaccountable internet usernames who may in fact be a foreign state actor (not saying you are untrustworthy ... however social engineering is still a primary attack vector).

    The final 2 sentences are what every security IT person would advise to act on.

    Nothing against yt-dlp, as soon as it clears a hurdle or two then I'd be inclined to look at it.


