[qwerty456127]

> I haven't had Defender remove what I thought was a legitimate binary

Probably because you are closer to a "typical" kind of user who doesn't use "hack tools" (which some people like me use for absolutely legal and benevolent purposes "hacking" their own PC, e.g. to backup the passwords and e-mail records saved on it). By the way it also is very important to distinguish between a legitimate hack tool and an infected hack tool and I am not sure they do.

> I installed and ran qBitTorrent recently and it didn't complain.

They just added a slightly old version to their threats database and didn't add the most recent version there yet.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclo...

https://www.reddit.com/r/qBittorrent/comments/lwqjm9/qbitbor...

[1_player]

I just checked, perhaps the fact that I have "reputation-based" blocking always disabled helps, which seems to avoid that kind of false positive. I am not a fan of my OS phoning home to check every single executable I run. Either it's in the virus database, or I'm tech-savvy enough not to run any .exe I receive via e-mail.

https://www.tenforums.com/tutorials/32236-enable-disable-mic...

[qwerty456127]

I didn't even know there is such a "reputation" option. Today Windows configuration windows are way harder to find anything (what you don't already know is there/where) in than they used to be even in Windows 7, let alone XP (where everything was way more intuitive and easy to discover). As for submitting the files to Microsoft - I believe I have disabled that but in the today context I can't be sure it didn't get enabled on itself.