qBittorrent setting off malware and malicious site alarm constantly
Good morning,
I have a brand new Windows PC install with only a few applications installed - Plex, Unifi, Malwarebytes, and qBittorrent.
The issue is that the Firewalla Gold box is constantly sending alarms that the new PC install is accessing malware sites or malicious sites - this only happens when qBittorrent is running (but not downloading, no torrents added, no seeding). I also have qBittorrent installed on another PC, without this issue.
Is this a false positive? All over the web I see how Malwarebytes gives false positives for this, but I have never seen the Firewalla Gold box alarm go off constantly.
-
So I think I narrowed this down to the "Enable DHT (decentralized network) to find more peers" and "Enable Peer Exchange (PeX) to find more peers" settings in qBittorrent. Disabling these causes the alarms to stop. I know this isn't a Firewalla issue, but I was hoping you could look at the alarms.
I wanted to copy the alarms from the Firewalla into this thread, but I am having an issue where anytime I want to save changed settings, view alarm details, or approve a web sign-in, it just hangs until it times out. Never had this issue before. I'm sure a quick reset will fix it, but I can't reset the box until later tonight.
-
This issue resolved itself about an hour ago when I tried again. I can once again save settings, access alarm details, and approve the web login. I exported all the alarms I got over the night from leaving DHT/PeX settings on:

| Time | Alarm Message |
|---|---|
| 5/23/2022 2:24 | Device is accessing [ site 212.178.135.62. |
| 5/23/2022 2:03 | Device is accessing [ site 212.178.135.62. |
| 5/23/2022 1:37 | Device is accessing [ site 212.178.135.62. |
| 5/23/2022 1:10 | Device is accessing [ site 212.178.135.62. |
| 5/23/2022 0:36 | Device is accessing [ site 212.178.135.62. |
| 5/23/2022 0:10 | Device is accessing [ site 212.178.135.62. |
| 5/22/2022 23:43 | Device is accessing [ site 212.178.135.62. |
| 5/22/2022 23:24 | Device is accessing [ site 212.178.135.62. |
| 5/22/2022 23:09 | Device is accessing [ site 212.178.135.62. |
| 5/22/2022 22:49 | Device is accessing [ site 212.178.135.62. |

I deleted the other alarms but they were from various other IPs I think.