Installed on dozens of millions of devices, uTorrent remains the go-to torrent client for people all around the world.
Research last year showed that roughly two-thirds of all BitTorrent users prefer it over the many available alternatives.
In 2018, the uTorrent team released a “Web” version of the software. For now, however, most users still prefer the standalone client. That is, if they manage to run it without anti-virus vendors getting in the way.
Over the past few years, uTorrent has been repeatedly flagged as ‘malicious’ software. This issue flared up again recently and at the time of writing several anti-virus tools, including Windows Defender and Malwarebytes, label the torrent client as dangerous.
We ran the latest installer through a Virustotal scan which shows that uTorrent is flagged by 19 separate companies. The reasons differ from “riskware,” through “Trojan.BtcMine,” to “bundled installer.”
Microsoft, for example, categorizes uTorrent as a “Potentially Unwanted Application” (PUA). In fact, the company has had a dedicated uTorrent page in its malware database for years, labeling the software as a severe threat.
Potentially Unwanted Software
While the exact nature of the problem may vary, “potentially unwanted software” is a recurring theme. The term unwanted is broad can range from changing browser settings to installing third-party tools without permission. According to Microsoft, this is not the same as malware.
That doesn’t mean that the impact isn’t real. We have heard from several people who had uTorrent removed from their systems recently, and are unable to re-install it. Several of these complaints appear on social media as well, with people looking for advice.
qBitTorrent is Unwanted Too
Interestingly, uTorrent isn’t the only torrent client being flagged as potentially unwanted software. Earlier this month qBitTorrent was added to Microsoft’s malware database as well. While it’s not malware, but a PUA, Windows Defender actively blocks and removes the software.
This has resulted in numerous complaints on Reddit as well as the qBitTorrent GitHub page, with people sharing similar experiences.
“Windows Defender keeps silently removing the software despite being explicitly allowed on the machine,” athelas64 writes. “After allowing the quarantined software, qBittorrent works…. until the next restart.”
Another commenter wonders whether this is an organized action against torrent clients. This is not unlikely as many other torrent clients are being flagged as unwanted software as well. In fact, Microsoft itself suggests as much.
All Torrent Clients Are Unwanted?
In a background article on what’s considered unwanted software, torrent clients are specifically mentioned, along with advertising software and cryptominers. The article suggests that it applies to “enterprise” only, but the complaints we have seen apply to other Windows versions as well.
Microsoft’s article stresses that unwanted software isn’t the same as malware, but that isn’t mentioned in its own malware encyclopedia. Also, Windows Defender classifies PUAs as a ‘severe threat’.
When we ran uTorrent through the Virustotal scan many red flags appeared but qBitTorrent is pretty much clean. This suggests that Microsoft’s blocking could simply be due to the fact that it’s a torrent client, nothing else.
Although we do not recommend ignoring anti-virus warnings, there are ways to install uTorrent and qBitTorrent without running into trouble. One option is to disable the PUA protection in Windows, which can be done in a few clicks. Alternatively, users can simply switch to third-party anti-virus protection, which disables Windows Defender.
We have asked the uTorrent and qBitTorrent teams for a comment on our findings but, at the time of writing, they have yet to respond.
Microsoft informed TorrentFreak that torrent clients are indeed blocked as PUA’s on enterprise machines. However, there are other PUA criteria that may block the applications in other environments.
“We detect torrent applications for enterprise machines per our PUA criteria. Other criteria may trigger the detection of these applications on a consumer platform or the environment in which the detection is happening may be considered an enterprise environment,” a Microsoft spokesperson informed us.