Windows Defender reports trojan in Mattermost Client from Windows App Store

Hi all,

I administrate a Mattermost Team Edition server and have just received a report from a user.

Windows Defender reports the current version of the Mattermost Windows Client which is available in the Microsoft Store to contain a trojan.

Since this report is only coming from one user and I have had no trouble on any of my machines, I assume this is a false positive. I will investigate and come back with details later.

Windows Client Version: 4.0.1 (seems to be the current in the Microsoft Store)

Okaaaay… The report has been clarified. The user was NOT talking about the Mattermost Client from the Windows Store - which does not even exist.

He was in fact talking about a server running Windows Server 2016. Somebody was trying to install the Mattermost client for remote users. I will try to look into this, but have instructed the user to install Mattermost 4.1.2. for the time being.

I would consider this topic to be to irelevant to waste any time one and am marking it as solved until otherwise.

I actually just got the same Windows Defender notification - it’s reporting that “C:\Users<user>\AppData\Local\mattermost\Mattermost.exe” contains “Trojan:Win32/Bluteal.B!rfn”

I’m on Windows 10 and MM client 4.0.1 - which I see now is out of date. Are there no update notifications for the MM Windows client?

I’ve just experienced the same thing here. Windows Defender had quaranteened the Mattermost EXE as described.

I’ve got some screenshots from the Defender analysis if that would be helpful? Happy to post them somehow if so.

Hey @lewispollard @TangoFox @LevonTostig

Thanks for letting us know! This appears to be a false positive, and we’re working with Windows to clear it.

In the meantime, you can download our latest release, v4.1.2, which doesn’t give this warning:

We’re also working on giving update notifications when a new release is out, tentatively scheduled for the upcoming release in a couple of months.


Hey @lewispollard @TangoFox @LevonTostig

Quick update: This issue is now cleared by Windows. Your Windows Defender should no longer flag v4.0.1 as a potential threat.

If you’re still seeing it (either with v4.0.1 or the latest release from, let me know.

Big thanks for the heads up!

Thank you for clearing this up so quickly. Awesome!