Emby Server.exe flagged as Malware

[gothamkid 0]

About an hour ago, EmbyServer started getting flagged as Malware by BitDefender.  Any suggestions?  I don't want to turn Active Threat Detection off, but even with a Quarrantine exception, it flags it every time I try to launch the .exe again.

[Luke 42078]

Hi it what version do you have installed?

[Tenyrsgone27 19]

I'm having the same exact issues. I upgraded to 4.6.6.0 and now BitDefender keeps shutting down Emby Server. I tried adding all the files to my exceptions with ATP but it still doesn't work and keeps shutting down.

Also, Emby Server no longer starts automatically when Windows starts up.

 

Edited November 18, 2021 by Tenyrsgone27

[gihayes 47]

Same exact issue here, Just downloaded latest Emby version. Not Beta. Running Windows 11.

Edited November 18, 2021 by gihayes

[calbanese 1]

Same for me

[ryled_up 6]

Hi Guys, Same here.  Server updated today to 4.6.6.0 and BitDefender has gone crazy!  It quarantined a whole bunch of files in the Emby folder .db-wal, .dat, .js, .dll and even the windows startup .lnk file.  I added embyserver.exe to exception list and restored all the files from quarantine.  Waiting for system scan to finish and will reboot to make sure everything starts up ok.  I also submitted a false positive report with BitDefender.

[gothamkid 0]

4.6.6.0.  I have my settings set auto-update and after the auto-update occurred, BitDefender started flagging it.  I manually downloaded 4.6.6.0 from the website and installed it, and I haven’t had any issues.

[Luke 42078]

OK we'll have to report this to them as a false positive. In the meantime I would see if you can add an exemption for it. Thanks for reporting.

[ryled_up 6]

I forgot to note that it is running ok after I added the exemption for both active threat and antivirus and restored the other quarantine files which auto add to active threat exemption. Still waiting on system scan to finish but I think it’s well past scanning the Emby folder and no detection so far. 

[gihayes 47]

4 hours ago, gihayes said:

Same exact issue here, Just downloaded latest Emby version. Not Beta. Running Windows 11.

After adding the exemption for both active threat and antivirus and restoring the quarantined files as noted above, everything seems ok here as well. There is a setting in Quarantine that automatically creates all exceptions when you restore a file from quarantine.

Edited November 18, 2021 by gihayes

[Carlo 4561]

Yes it happens to me as well.  I've reported it about 5 times with a couple different email addresses and have not gotten any response back.

Over the weekend I was building some code and as fast as I was compiling it this program was removing it.
 

What I would suggest is to setup Emby's folder in the Allow List so it won't get scanned or looked at. Same with Theater if if you have that installed.
Do the same thing for your media files as well.  If running any type of active scanner or even MS I would also add all your Media folders to the allow list so they don't get scanned as well.

You especially don't want this programs trying to scan media while you're trying to stream it!

What I would suggest is when it pops up with a message or quarantines your server file you immediately use the report feature to let them know it's wrong.
Sending them an Email would help us as well.  The more emails they get the better it is for all of us.

BTW, I only had this installed because another person told me it picked up Emby.  I personally don't run programs like this on my PC but do active screening on my firewall.

Hopefully we'll get some kind of replay back.

[Luke 42078]

Quote

What I would suggest is when it pops up with a message or quarantines your server file you immediately use the report feature to let them know it's wrong.
Sending them an Email would help us as well.  The more emails they get the better it is for all of us.

In case anybody misses it, if you all could please do this, that would be very helpful. Thanks !

[Tenyrsgone27 19]

This seems to work as long as you don't restart your system.

Edited November 18, 2021 by Tenyrsgone27

[Carlo 4561]

Just a tip.  Even if you favorite malware/virus protector does not offer a a folder bypass you can usually work around that quite easily be changing the username used to run the service.
You then remove access for that user to directories you don't want it to touch or even know about.

[Kennyb3653 7]

The Latest updated Security Suite is now flagging EmpbyServer.exe as malware, and blocked the file from running.  Added it to the exemptions folder to get the server back up and running.  Is this something that you may have to report to F-Secure about.  The version of Security Suite is Version 25.2.  I'm not sure if it will block the file again when EmbyServer is updated in the future.

[Luke 42078]

On 4/21/2025 at 10:03 AM, Kennyb3653 said:

The Latest updated Security Suite is now flagging EmpbyServer.exe as malware, and blocked the file from running.  Added it to the exemptions folder to get the server back up and running.  Is this something that you may have to report to F-Secure about.  The version of Security Suite is Version 25.2.  I'm not sure if it will block the file again when EmbyServer is updated in the future.

Hi, is this still happening today?

[Kennyb3653 7]

I did a "Please restart the server to finish applying updates" and Security Suite (F-Secure) still blocking the file from running.

 

Edited April 22, 2025 by Kennyb3653

[Kennyb3653 7]

After excluding version 4.9.0.49 to get the server running again.  F-Secure Security Suite is now blocking two files.

Edited April 22, 2025 by Kennyb3653

[Luke 42078]

Thanks. Is it still blocking them?

[Kennyb3653 7]

Yes they get block as soon as I delete them from the allowed.

[Luke 42078]

OK @Carlocan report this false positive to them. Thanks !