Bug report #19670

McAfee reporting "ransomware - HTA file creation" - False positive?

Added by Kaz Shimamura over 5 years ago. Updated over 5 years ago.

Affected QGIS version: 3.2.2
Regression?: No
Operating System: Windows 10
Easy fix?: No
Pull Request or Patch supplied: No
Resolution: invalid
Crashes QGIS or corrupts data: No
Copied to github as #: 27495



At work my McAfee Endpoint Security has reported the following when I tried to install QGIS 3.2.2:

QGIS-OSGEO4W-3.2.2-1-SETUP-X86_64.EXE, which tried to access C:\PROGRAM FILES\QGIS 3.2\APPS\RBATCHFILES\FIND-MIKTEX.HTA, violating the rule "Ransomware - HTA file creation", and was blocked.

I'm wondering if this is a false positive or if it needs closer inspection? McAfee rated the severity as "critical" and has blocked "FIND-MIKTEX.HTA".

all the best,


#1 Updated by Alessandro Pasotti over 5 years ago

Can you check if the md5sum of your downloaded package matches?

#2 Updated by Jürgen Fischer over 5 years ago

  • Resolution set to invalid
  • Status changed from Open to Closed

False positive. Find-MiKTeX.HTA contains:

<!-- (c) 2013 GKX Associates Inc. -->
<!-- License: GPL 2.0 -->
<STYLE TYPE="text/css">
.highlight {background:#ff00ff}
.text {color:#ff00ff}
.both {color:white;background:black}
</STYLE>
<body onLoad="window.resizeTo(650,250);">
<h1>Find MiKTeX</h1>
<script type="text/jscript">

fso = new ActiveXObject("Scripting.FileSystemObject");
mik = new ActiveXObject("MiKTeX.Session");

// Walk the MiKTeX root directories by index until the lookup throws.
i = 0;
while (true) {
        try {
                rt = mik.GetRootDirectory(i);
                // Only checks for and displays the path; nothing is written to disk.
                if (fso.FileExists(rt + "\\miktex\\bin\\latex.exe")) {
                        document.write(rt + "\\miktex\\bin<br>");
                }
                i++;
        } catch(e) {break};
}
</script>
</body>
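
The verdict in comment #2 rests on reading what the HTA's script actually does. As an added example (not part of the original thread, and not QGIS or OSGeo4W code), the following Python lists the ActiveX objects an HTA instantiates and the methods called on them, and flags the ones that deserve a closer look. The sample text is constructed from the snippet quoted above, and the two review lists are assumptions made for this example, not McAfee's rule.

```python
import re

# Constructed sample: script body abridged from the HTA quoted in comment #2.
SAMPLE_HTA = r'''
<script type="text/jscript">
fso = new ActiveXObject("Scripting.FileSystemObject");
mik = new ActiveXObject("MiKTeX.Session");
rt = mik.GetRootDirectory(0);
if (fso.FileExists(rt + "\\miktex\\bin\\latex.exe")) {
    document.write(rt + "\\miktex\\bin<br>");
}
</script>
'''

# Assumed review lists (hypothetical, not a vendor rule set): ProgIDs that can
# run commands or fetch/write content, and FileSystemObject methods that can
# change what is on disk.
RISKY_PROGIDS = {"wscript.shell", "shell.application", "adodb.stream",
                 "msxml2.xmlhttp", "msxml2.serverxmlhttp"}
FSO_MUTATORS = {"createtextfile", "opentextfile", "copyfile", "movefile",
                "deletefile", "deletefolder", "createfolder"}

NEW_OBJ = re.compile(
    r'(\w+)\s*=\s*new\s+ActiveXObject\(\s*["\']([^"\']+)["\']\s*\)', re.I)
CALL = re.compile(r'\b(\w+)\.(\w+)\s*\(')

def triage_hta(text):
    """Return (objects, calls, findings) for the script content of an HTA."""
    # Map each variable to the ProgID it was created from.
    objects = {var: progid for var, progid in NEW_OBJ.findall(text)}
    # Keep only method calls made on those ActiveX-backed variables.
    calls = sorted({(objects[v], m) for v, m in CALL.findall(text) if v in objects})
    findings = []
    for progid in sorted(set(objects.values())):
        if progid.lower() in RISKY_PROGIDS:
            findings.append(f"instantiates {progid}")
    for progid, method in calls:
        if (progid.lower() == "scripting.filesystemobject"
                and method.lower() in FSO_MUTATORS):
            findings.append(f"FileSystemObject.{method} can modify the file system")
    return objects, calls, findings

if __name__ == "__main__":
    objs, calls, findings = triage_hta(SAMPLE_HTA)
    print("objects :", objs)
    print("calls   :", calls)
    print("findings:", findings or "none")
```

This is a first-pass text match only: it does not follow chained calls or decode obfuscated script, so an empty findings list supports a manual review rather than replacing it.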


#3 Updated by Jürgen Fischer over 5 years ago

The hta was removed from rbatchfiles in OSGeo4W.
