Ngrok is not virus. Windows should stop troubling developers!

that's really something that the developer of the tool themselves actually needs to do via the Microsoft WDSI Portal, since it's whatever issue the Microsoft analysts and/or AI-Based detection systems have determined requires that it be displayed as a detection that requires its developer(s) to communicate with them in order to try and resolve the issues they've found.

Hi, I'm a Product Manager for ngrok and we submit our new binaries each time they are flagged by Microsoft Defender using the portal here: https://www.microsoft.com/en-us/wdsi/filesubmission

It's a constant battle as they continuously keep getting re-flagged and we release new versions of our agent frequently which also results in them getting flagged. I'd love to work with someone at Microsoft to get our binaries signed in such a way that they are not constantly flagged as malware. Please contact me if there's some way we can collaborate to help our users here.

Thanks,

Russ

******@ngrok.com

I tried everything you said and i keep having the same issue, it´s really really annoying, I´ve been here for more than two hours

Hi ATUL_PATIL

Thank you for posting in Microsoft Community.

I hear your frustration—spending hours trying to work around security systems when all you’re doing is setting up a legitimate tool is exhausting. Ngrok is widely used by developers, and it’s frustrating when security features flag it incorrectly.

Windows Defender and SmartScreen sometimes err on the side of caution when a tool isn’t commonly recognized or has been associated with potential misuse in the past. Unfortunately, that can lead to false positives for legitimate software. You’ve already disabled protection features, but since something is still blocking the file, it could be Controlled Folder Access or Tamper Protection kicking in behind the scenes.

If you haven’t already, try these steps:

1. Add Ngrok as an Exclusion in Windows Defender
   • Go to Settings > Update & Security > Windows Security > Virus & threat protection
   • Click Manage settings > Add or remove exclusions
   • Add the downloaded Ngrok file and its folder.
2. Disable SmartScreen Temporarily
   • Open Windows Security > App & browser control
   • Under Reputation-based protection, toggle SmartScreen off.
3. Check Controlled Folder Access
   • Go to Windows Security > Virus & threat protection > Ransomware protection
   • If Controlled Folder Access is enabled, temporarily turn it off.

It’s definitely frustrating that developers have to jump through hoops for tools like this. Hopefully, Microsoft improves the handling of false positives in future updates. If you have strong feedback, you can also send it via the Feedback Hub (Win + F) to bring attention to the issue.

Let me know if you need help troubleshooting further!

Best Regards,

Lonex P.

Microsoft Moderator

Hi ATUL_PATIL

We haven't heard from you, so we assume that your issue has already been addressed. We will not be monitoring this thread moving forward so, if you need further assistance, please create a new thread to discuss these concerns by clicking this link: Create a new question (microsoft.com)

Thank you for understanding.

Regards,

Lonex P.

Microsoft Moderator

It appears from this long-running thread on StackOverflow that this developer's tool has had ongoing questions from developers themselves, while the last post in the thread from August 2024 even mentions the fact that Defender was detecting it at that time, so this isn't only a recent issue.

security - Is ngrok safe to use or can it be compromised? - Stack Overflow

Also note that my search found several threads at Malwarebytes as well indicating that it had detected Ngrok as a threat, though I didn't bother to read those since this thread is about Defender, but a quick brief through those threads might also reveal what's truly creating the detections and provide you with some added insight.

I can't say what the truth is, but as with the person who posted in that thread, I suspect that Microsoft determined that some issue has been detected where the tool or what it inherently does is considered vulnerable or risky in some other way, leading to the need for Defender to notify the user of that potential concern.

Though you're free to comment in Feedback, that's really something that the developer of the tool themselves actually needs to do via the Microsoft WDSI Portal, since it's whatever issue the Microsoft analysts and/or AI-Based detection systems have determined requires that it be displayed as a detection that requires its developer(s) to communicate with them in order to try and resolve the issues they've found.

Microsoft will only listen to customers in a case where the issue is clearly a false positive, which from the StackOverflow thread seems unlikely and it's probably something more technically difficult for the developer to resolve, or it might have happened already.

Rob