
> tl;dr It's got nothing to do with being a BitTorrent client.

That's simply not true. It's got everything to do with it being a BitTorrent client.

> Microsoft uses specific categories and the category definitions to classify software as a PUA.

> Torrent software (Enterprise only): Software that is used to create or download torrents or other files specifically used with peer-to-peer file-sharing technologies.

https://docs.microsoft.com/en-us/microsoft-365/security/inte...

Microsoft explicitly include "Torrent software" in their article for what's considered by them to be PUA.

> In a background article on what’s considered unwanted software, torrent clients are specifically mentioned, along with advertising software and cryptominers. The article suggests that it applies to “enterprise” only, but the complaints we have seen apply to other Windows versions as well.

https://torrentfreak.com/utorrent-continues-to-be-flagged-as...

As pointed out by TorrentFreak, the Microsoft article suggests that it only applies to the "enterprise" version of Windows; however, as we've seen, this doesn't appear to be true. It at least explains why some experience this user-hostile behaviour while others don't.




If your Windows isn't joined to an AD domain then the enterprise stuff doesn't apply. Maybe some of the users complaining about qBittorrent are trying to install it at work, but it's much more likely to be simply because they don't sign their software. It's more or less guaranteed that not doing that will cause spurious and inconsistent security warnings.

If you check the GitHub thread then the very first post says it was flagged as PUA but the actual error they show is clearly a malware classification. The fact that they have one naming scheme and qBittorrent got dumped in the PUA section (because it's not malware) doesn't mean it automatically gets opted out of the reputation system. And they observe themselves that people are re-bundling qBittorrent binaries into third party re-packagings that are probably adware or malware, which in the absence of signing will confuse Windows because it can't tell the re-packaged versions apart from the upstream versions.


> If you check the GitHub thread then the very first post says it was flagged as PUA but the actual error they show is clearly a malware classification.

Are you sure that's what you're seeing? The image in the first post of that GitHub thread shows that Defender did indeed flag the qBittorrent installer as PUA.


I think it looks like that because each program gets a single name to identify it in the Defender namespace, and that namespace seems to include a sort of general categorization. But then a program can be classified in multiple ways and blocked for multiple reasons. The people on that thread don't seem to be on corporate networks, so it seems like Defender is marking it as a "threat" for other reasons.

The whole thing is annoyingly confusing and opaque, but I don't think the issue here is some sort of conspiracy against BitTorrent. Unsigned software is gonna trigger AV false positives; it's been that way for decades. Now they're getting AV false positives. If they started signing their code then eventually Windows would learn it's not malware. Corp networks might still opt to block it because they don't want their employees torrenting, but that's a separate issue.
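
The thread disagrees about whether a block comes from the PUA category or from the file being unsigned; the PowerShell below is an added example (not posted by any commenter and not Microsoft's code) that collects the three facts needed to tell those cases apart on one machine. It assumes the built-in Defender cmdlets are available and the session is elevated; `$Installer` is a hypothetical path, and the `PUA*:` name-prefix test is a heuristic based on how Defender names PUA detections.

```powershell
# Added example, not from the thread. $Installer is a hypothetical path:
# point it at the file Defender actually flagged.
param(
    [string]$Installer = "$env:USERPROFILE\Downloads\installer-under-review.exe"
)

# PUA blocking state on this machine: 0 = disabled, 1 = block, 2 = audit only.
$puaMode = (Get-MpPreference).PUAProtection

# Authenticode state of the file (NotSigned, Valid, HashMismatch, ...).
$sig    = Get-AuthenticodeSignature -FilePath $Installer
$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }

# Detections whose resource list references this file, joined to the threat
# name Defender assigned. @(...) keeps an empty result as an empty array.
$pattern = [regex]::Escape($Installer)
$hits = @(
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match $pattern } |
        ForEach-Object {
            $threat = Get-MpThreat -ThreatID $_.ThreatID
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                ThreatName = $threat.ThreatName
                # Heuristic: PUA detections carry a PUA-family prefix
                # such as "PUA:" or "PUABundler:".
                NamedAsPua = $threat.ThreatName -like 'PUA*:*'
                SeverityID = $threat.SeverityID
            }
        }
)

# Summary first, then one row per detection.
[pscustomobject]@{
    File            = $Installer
    PUAProtection   = $puaMode
    SignatureStatus = $sig.Status
    Signer          = $signer
    Detections      = $hits.Count
} | Format-List

$hits | Format-Table -AutoSize
```

A `NotSigned` status with no rows in the detection table points at a reputation prompt rather than a Defender detection, while a row with `NamedAsPua` true and `PUAProtection` set to 1 points at the PUA category.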



