Windows Defender Detects Official ChatGPT App as Trojan

Hello,

I’ve noticed that my Windows Defender Antivirus flags the official ChatGPT app from the Microsoft Store as a threat. Specifically, it is identified as “Trojan:Win32/Malgent!MSR”.

The flagged file is located at the following path:
E:\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe

I’m certain that this is the legitimate version of the app, as I installed it directly from the Microsoft Store. Could this be a false positive from Windows Defender, or is there another reason for this detection?

I would appreciate any insights or possible solutions to address this issue. Thank you in advance!

Best regards,
Marlian

5 Likes

I encounter the some problem

1 Like

Same here as well, specifically this file on my system: file: \Device\HarddiskVolumeShadowCopy10\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe

1 Like

Same issue here. We’ve been testing ChatGPT for Windows in our workspace, and over the night it seems to have been quarantined on several endpoints, flagged by Defender as Malgent.

1 Like

Same Warning at my installation today morning

1 Like

Same warning as well. Severe warning: Detected: Trojan: Win32/Malgent!MSR
Status: Quarantine Failed
This Treat or App might not be completely remediated.

Details: This program is dangerous adn executes commands from an attacker.

Affected Items:
file: C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe

1 Like

Same here. I tried remove and reinstall and still the severe warning.

1 Like

As of this morning, I got he same alert from Windows Defender. OpenAI app is identified as containing Trojan:Win32/Malgent!MSR.

1 Like

For those posting here

  1. Please note which version of Windows this was reported, e.g. Windows 10 or Windows 11
  2. Please note what happens if you do a custom scan of the specific folder C:\Program Files\WindowsApps. Note: This is different from a quick scan and requires you to select the specific folder.
  3. Please note which version of ChatGPT was installed or the full path from C:\Program Files\WindowsApps.… . e.g. The current version I am seeing is 1.2024.345
  4. Did you check for security updates before running scan.
  5. As noted by @cdaunay-unilink, are you using Sentry.io?

Note: I am not an OpenAI employee but these details could help everyone.

Thanks.


FYI

Just did a specific folder scan

Edition Windows 11 Pro
Version 24H2
Installed on ‎10/‎18/‎2024
OS build 26100.2605
Experience Windows Feature Experience Pack 1000.26100.36.0

ChatGPT Windows app version: 1.2024.345
Custom scan results of C:\Program Files\WindowsApps: No current threats.

AntivirusSignatureVersion   : 1.421.816.0
AntispywareSignatureVersion : 1.421.816.0
NISSignatureVersion         : 1.421.816.0
AMEngineVersion             : 1.1.24090.11
NISEngineVersion            : 1.1.24090.11

Using Sentry.io: No

2 Likes

Windows 11, from event log:
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:

Name: Trojan:Win32/Malgent!MSR
ID: 2147742994
Severity: Severe
Category: Trojan
Path: file:_C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe; process:_pid:15340,ProcessStart:133788163878966895; process:_pid:17816,ProcessStart:133788163865841049; process:_pid:23956,ProcessStart:133788163885271650; process:_pid:36224,ProcessStart:133788163864557601; process:_pid:36312,ProcessStart:133788163865512438; process:_pid:9296,ProcessStart:133788163795755711
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe
Security intelligence Version: AV: 1.421.815.0, AS: 1.421.815.0, NIS: 1.421.815.0
Engine Version: AM: 1.1.24090.11, NIS: 1.1.24090.11
3 Likes

Here is the information from my event viewer:

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
More information: https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Malgent!MSR&threatid=2147742994&enterprise=0
Name: Trojan:Win32/Malgent!MSR
ID: 2147742994
Severity: Severe
Category: Trojan

Path:
file:_E:\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe;

process:_pid:1120,ProcessStart:133787635042631352;
process:_pid:13740,ProcessStart:133787801506381776;
process:_pid:18368,ProcessStart:133787635044239486;
process:_pid:21336,ProcessStart:133787635037913759;
process:_pid:23224,ProcessStart:133787635014109257;
process:_pid:25212,ProcessStart:133787635170941968;
process:_pid:25584,ProcessStart:133787635060796685

Detection Origin: Local Computer
Detection Type: Specific
Detection Source: System

User: NT AUTHORITY\SYSTEM
Process Name: E:\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe

Security Version:
AV: 1.421.811.0, AS: 1.421.811.0, NIS: 1.421.811.0

Module Version:
AM: 1.1.24090.11, NIS: 1.1.24090.11

Windows specifications:

Edition Windows 11 Pro
Version 24H2
Installed on ‎06.‎10.‎2024
Operating system build 26100.2605
Performance Windows Feature Experience Pack 1000.26100.36.0
2 Likes

For more info, I’m seeing this across our Team account and I believe it points to the domain of

ingest.us.sentry.io

where the actual malicious / suspicious finding is coming from, based on the MDE incident findings.

2 Likes

Not getting that issue on my Win11 install

2 Likes

Also getting this, Windows 11 Pro, 10/11/2024, build# 26100.2605:

WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe

Trojan:Win32/Malgent!MSR

2 Likes

Can those reporting add/include if they are using Sentry.io? Thanks.

1 Like

I am also getting this on Win 11 laptop. Is this misclassified? Defender says it failed to remediate the malware too, a little scary

Name: Trojan:Win32/Malgent!MSR
C:Program]file:_C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.345.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe;

1 Like

Welcome to the forum!

Are you using Sentry.io?

If you are concerned about the Windows ChatGPT Desktop app, then consider uninstalling it completely and using ChatGPT via the website.

1 Like

The app was being flagged yesterday, specifically the chatgpt.exe file. I’m not sure and don’t think I had sentry. io installed. But it seems to be fixed today after a reinstallation.

3 Likes

Any official response coming from OpenAI? Is this a real threat or a false positive? Our users have uninstalled the app, and we don’t want to reinstall until we know what’s going on

Saw these last night, laptop running windows 11, using windows defender. Ran quick scan today, as well as full scan, doesn’t find anything. All items says incomplete remediation. Can’t find anything confirming the solution. Any information? These are from 12/14/24-12/15/24. TIA

Summary

This text will be hidden

1 Like