Sophos antivirus complains and quarantines

I have just installed Synfig (SynfigStudio-1.4.4-2023.03.30-win64-b8d62.exe) and along the way, my local Sophos antivirus software warned me that it did not trust the following files and so quarantined them…

Potentially unwanted application detected
These applications are not malicious but has potentially unwanted behaviour, and will be quarantined…

Generic ML PUA: C:\Program Files\Synfig\bin\gspawn-win64-helper.exe
Generic ML PUA: C:\Program Files\Synfig\bin\gspawn-win64-helper-console.exe
Generic ML PUA: C:\Program Files\Synfig\bin\gdk-pixbuf-query-loaders.exe
Generic ML PUA: C:\Program Files\Synfig\bin\gdk-pixbuf-pixdata.exe

As you can see, Sophos identifies these files as belonging to a family of ‘Generic ML PUA’ as described here.

I was wondering about others’ experience like this and I am keen to understand quite what Potentially Unwanted Application action I might be letting myself in for?

Thanks all

Hi and welcome here :slight_smile:

Synfig is free and open-source, it is built and published on open and public platforms (GitHub).
The quarantined executables are part of MinGW/MSYS (also open-source) that are used to launch sub-processes.
But creators of malicious apps can use this toolchain and antiviruses sometimes think that if is has been used in a malicious software, then there presence may be potentially sign of an infection.

1 Like

xD, never have I seen such an informative picture. Well written ;).