Hi All, just wanted to let you know that Windows defender has just started flagging most if not all of the Speckle Revit 2.18 dll components for Dynamo as well as Navisworks as being a potentially harmful Win32/Softcnapp threat. I am not worried on my personal machine however I am slightly concerned that this will impact the use of Speckle at the university where I teach as they are super hot on perceived cyber ‘threats’. Any idea why this has just started happening?


Having the same concern with the Unity plugin. These two files were detected as Win32/Softcnapp



Thank you both, whenever we make a new release, our Microsoft Defender reputation is “reset” and takes a bit to rebuild.

You can help us by reporting this as a “Incorrectly detected as malware/malicious” via the Microsoft portal: Submit a file for malware analysis - Microsoft Security Intelligence


Thanks for the confirmation. I am trying to upload the required ZIP file but it keeps getting knocked back (unable to upload). Not sure why as I have attempted to encrypt it with the required password. Need to crack on with some work right now - hopefully will get some time to get this done later this week.

1 Like

We are obviously looking into this ourselves but appreciate the effort for additional reporting.


Colleagues who installed 2.18 reported it as well, which causes some concerns.


In order to explain the situation internally, any idea why it gets flagged now and users didn’t seem to experience it with previous releases (at least not as far as I know)?


This is what I was wondering as I have never had this issue with any of the connectors before …

1 Like

Hey @JdB and @NigeDemo

Right before 2.18 was released, we were in the process of changing our Code Signing certificate provider.

This also lead us to over optimise which DLLs we were signing with our certificate before every release, and we left out Objects.dll and all Objects.Converter.XXX.dll (basically the files residing in the Kit folder).

Our initial tests seemed to indicate this was not an issue but obviously we were wrong.

I’m currently waiting for a PR with a potential fix to be merged and we’ll make a new hotfix for 2.18 most likely within the hour.

We’ve double checked the files we’re releasing are not infected in anyway using VirusTotal. But for extra piece of mind we recommend you guys verify this on your end:

We’ll ping this channel as soon as the hotfix is out.


Hey @JdB, @NigeDemo and anybody else that bumps into this:

We just released 2.18.3 for all our speckle-sharp connectors.

This release has no code changes, only the addition of some extra signatures in some of the dlls I pointed out above.

Could you try this release out and verify the warning goes away?

Thanks in advance :raised_hands:t3:


I’ve just done the same for the Speckle Unity connector. 2.18.3 release now contains digitally signed versions of SpeckleCore.dll and Objects.dll

@TanmayKc please can you update the package to the latest 2.18.3, and let us know if that resolves the issue.

1 Like

Yep, this seems to have stopped that warning from Defender :+1: