Description: MalwareBytes absconded with 7.2dev after declaring the program malware. Was in the middle of researching bugs and then I wasn't. Steps to Reproduce: 1. Install Malware Bytes 2. Install Windows LO Dev build Version: 7.2.0.0.alpha0+ (x64) / LibreOffice Community Build ID: 7a0e0a84a02f505200331c19b28d45e898cd5a12 CPU threads: 8; OS: Windows 10.0 Build 19042; UI render: Skia/Vulkan; VCL: win Locale: en-US (en_US); UI: en-US Calc: CL 3. Link the program to the windows taskbar 4. Launch the program from the taskbar repeatedly (was testing a saving issue) Actual Results: Alas, poor Yorik I knew him well...*POOF* MalwareBytes quarantined the program. Expected Results: Malware Bytes shouldn't have flagged anything (never has before with daily builds). Reproducible: Always User Profile Reset: No Additional Info: Given that recently GitHub has been swarming with cryptominers, I wouldn't be surprised if this ransomware flag was real. I've had MalwareBytes a long time and this is the first time it's ever flagged a daily dev build as ransomware. The only thing I can think of that I've done differently in today's testing than any other was having a linked picture in the document (for testing bug 82637). Not really sure there is anything you can do on your end other than scan the build for infections, but my first suspicion is MWB created a false flag based on the linked file and how quickly I was saving the file / relaunching the program.
Side note: Since ransomware would really ruin my day, false flag or otherwise, I'm done testing on this build.
Sorry, this not my field of expertise.
I'm putting this more in MalwareByte's backyard than LO's, and it hasn't happened again.