McAffee reports blocked suspicious connection

General
#1

After booting up my laptop McAfee reported that tribler.exe tried to make a connection to 94.179.25.102 and that it was blocked by McAfee. I would have put this message aside when I would have been using tribler at that moment, but that is not the case… There was no tribler started after bootup. It’s also not anywhere in startup settings of my PC…

Any Idea what might be going on ?

EDIT: TO be sure I didn’t install an infected version from some obscure source, I downloaded a fresh copy from tribler.org and compared it to the download that was allready in my download folder:

fc “Tribler_7.3.2_x64 (1).exe” Tribler_7.3.2_x64.exe
Comparing files Tribler_7.3.2_x64 (1).exe and TRIBLER_7.3.2_X64.EXE
FC: no differences encountered

But that’s obvisiously not the case.

#2

@Erix4u The version from https://tribler.org is genuine. Alternatively, you can download from the official Github release page: https://github.com/Tribler/tribler/releases. Other than these two channels, we should publish anywhere so I would

Regarding the IP address you mentioned (94.179.25.10), it is not something we know of. Could be any other user in the network. Since Tribler relies on peer to peer network, other peers help you bootstrap into the network and you help others. It is not abnormal that there could be traffic from unknown IP but that will always be UDP traffic and should not harm you in any way. Moreover, Tribler has a strict validation for data packets it receives from the network and any unrecognized data packets not complying to the protocol is dropped.

However, you mentioned that the connection was made when Tribler was not running, that is unusual. Sometimes, it is possible that if Tribler did not shut down properly, there could still be a core process running. You can see that by searching for a ‘tribler.exe’ process in Task Manager.

Please let us know if you still see unusual traffic reported when Tribler is not running.