You launched LM Studio. Defender threw a red alert. The app folder is now half-empty, and you’re trying to figure out whether you’ve been running a trojan or whether Microsoft just had a bad heuristics day. Either way, the answer depends on one piece of information you need to check before doing anything else.
The actual question: is the LM Studio trojan detected by Defender real?
If you’re seeing Trojan:JS/GlassWorm.ZZ!MTB on LM Studio 0.4.7, it is almost certainly a false positive. On March 23, 2026, Windows Defender started flagging the file at C:\Program Files\LM Studio\resources\app.webpack\main\index.js – roughly 14 MB of webpack-bundled JavaScript that powers the Electron main process (per InsiderLLM’s security analysis). Only 1 of 62 antivirus engines on VirusTotal flagged it. That engine is Microsoft Defender.
Think about what that file actually is: a single minified blob containing every line of LM Studio’s desktop logic, compressed into one artifact with no whitespace and unpredictable token patterns. To a heuristic scanner with no semantic understanding of the code, it looks indistinguishable from obfuscated malware. The same pattern trips up any large Electron app. Defender is essentially penalizing LM Studio for how JavaScript bundlers work, not for what the code does.
There’s also history. LM Studio’s bug tracker (Issue #166) documents an October 2024 incident where Windows 11 flagged version 0.3.5 as Trojan:Win32/Cinjo.O!cl – same pattern, different signature, same resolution path.
Why rescanning locally keeps you stuck
The circular trap nobody mentions: people see one engine flagged the file and rescan locally to “double-check.” That engine is Defender. Rescanning returns the same result every time. Uploading the file to VirusTotal is what broke the loop in the first place – external scanners don’t share Microsoft’s signature database, which is why 61 of 62 engines return clean.
The recovery decision tree (do these in order)
The order matters. Defender’s quarantine has a clock on it – 30 days, per Microsoft Learn, after which the encrypted entry is permanently purged. A delayed restore attempt may fail with nothing left to recover. Start here:
- Confirm the detection name. Open Windows Security → Virus & threat protection → Protection history. If you see Trojan:JS/GlassWorm.ZZ!MTB pointing at an LM Studio path, you’re in the known false-positive bucket. Anything else – especially names containing BrowserVenom, or flagging a path outside the LM Studio install folder – skip straight to the BrowserVenom section below.
- Check what got quarantined vs. deleted. Same Protection history screen. If the entry shows “Removed” rather than “Quarantined”, the file is gone. Severe threats may be removed immediately without holding the 30-day window. Skip to reinstall.
- If quarantined, try the GUI restore. Under Protection history, filter on Quarantined Items, select the entry, choose Restore. Works on most systems without issue.
- If the GUI fails, use MpCmdRun. Code block below.
- Only after restoring, add an exclusion – Defender re-quarantines on the next scheduled scan if you skip this step. Restore → exclude. That order is not optional.
Restoring with MpCmdRun when the GUI gives up
Turns out the tool moved. Most guides still send you to %ProgramFiles%\Windows Defender\MpCmdRun.exe – that path doesn’t exist on modern Windows 11. The tool now lives under the antimalware platform folder in %ProgramData%, versioned by release:
:: Open Command Prompt as Administrator first
cd /d "%ProgramData%\Microsoft\Windows Defender\Platform"
dir /b /o:-n
:: pick the newest version folder you see, then:
cd <that-version-folder>
MpCmdRun.exe -Restore -ListAll
:: find the LM Studio entry, then:
MpCmdRun.exe -Restore -Name "Trojan:JS/GlassWorm.ZZ!MTB"
The dir /b /o:-n step sorts folders newest-first so you don’t have to guess which platform version is active. If the %ProgramData%\...\Platform path genuinely doesn’t exist, Defender falls back to %ProgramFiles%\Windows Defender – but that’s rare on anything past Windows 10 21H2.
The quarantined files themselves are stored encrypted at C:\ProgramData\Microsoft\Windows Defender\Quarantine. File Explorer can’t open them directly – you must go through Windows Security or the command-line tools. Trying to copy them out manually won’t work.
Add the exclusion
Windows Security → Virus & threat protection → Manage settings → Add or remove exclusions → Add an exclusion → Folder.
Add the LM Studio install root, not just the index.js file. Defender re-scans on update, and LM Studio rewrites that webpack bundle every release – a single-file exclusion will not survive version 0.4.8.
While you’re at it: exclude the user data folders too (%USERPROFILE%\.lmstudio and %USERPROFILE%\.cache\lm-studio). Model files and chat templates inside those paths get flagged occasionally because they contain large compressed binary blobs. One exclusion now beats five troubleshooting sessions later.
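The decision tree and the exclusion step above, scripted as an added example (not code from the original post or from LM Studio) for an elevated PowerShell session. It assumes the built-in Defender cmdlets (Get-MpThreat, Get-MpThreatDetection, Add-MpPreference), the paths named in the post, and the ThreatStatusID values of the MSFT_MpThreatDetection class; the exclusion function is deliberately separate so it is only called after a restore succeeds.

```powershell
# Added triage script (assumption: run as Administrator with the Defender module present).
$knownFalsePositives = 'Trojan:JS/GlassWorm.ZZ!MTB', 'Trojan:Win32/Cinjo.O!cl'
$lmStudioRoots = "$env:ProgramFiles\LM Studio", "$env:LOCALAPPDATA\Programs\LM Studio"
# ThreatStatusID values per MSFT_MpThreatDetection: 3 = Quarantined (restorable), 4 = Removed (gone)
$statusNames = @{ 1 = 'Detected'; 2 = 'Cleaned'; 3 = 'Quarantined'; 4 = 'Removed'; 6 = 'Blocked'; 7 = 'QuarantineFailed' }

$threats = Get-MpThreat
foreach ($d in Get-MpThreatDetection) {
    $name   = ($threats | Where-Object ThreatID -eq $d.ThreatID).ThreatName
    $paths  = @($d.Resources) -replace '^file:_', ''      # Resources are recorded as "file:_C:\..."
    $status = $statusNames[[int]$d.ThreatStatusID]
    if (-not $status) { $status = "StatusID $($d.ThreatStatusID)" }
    $inLmStudio = $paths | Where-Object { $_ -like '*\LM Studio\*' }

    # Step 1 of the decision tree: classify by detection name and path
    if ($name -match 'BrowserVenom') {
        $verdict = 'NOT a false positive: go to the BrowserVenom section'
    } elseif (($name -in $knownFalsePositives) -and $inLmStudio) {
        $verdict = 'Known false positive on an LM Studio path'
    } else {
        $verdict = 'Unrecognised: do not add an exclusion until identified'
    }
    "{0}`n  status : {1}`n  paths  : {2}`n  verdict: {3}" -f $name, $status, ($paths -join ', '), $verdict
    # Step 2: Removed means there is nothing to restore; reinstall behind a folder exclusion instead
    if ($status -eq 'Removed') { '  -> nothing to restore; uninstall, exclude the folder, reinstall' }
}

# Step 4 helper: locate MpCmdRun on the current platform (newest version folder first, like dir /b /o:-n)
$platform = Get-ChildItem "$env:ProgramData\Microsoft\Windows Defender\Platform" -Directory -ErrorAction SilentlyContinue |
    Sort-Object Name -Descending | Select-Object -First 1
if ($platform) { "MpCmdRun: $($platform.FullName)\MpCmdRun.exe" }
else { "MpCmdRun: $env:ProgramFiles\Windows Defender\MpCmdRun.exe (legacy fallback)" }

# BrowserVenom indicator from the post: a user proxy you did not configure yourself
$proxy = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($proxy.ProxyEnable -eq 1) { "WARNING: user proxy enabled -> $($proxy.ProxyServer); treat as BrowserVenom until ruled out" }

# Step 5: call this only AFTER the restore succeeded (restore -> exclude, never the reverse)
function Add-LmStudioExclusions {
    $dirs = $lmStudioRoots + "$env:USERPROFILE\.lmstudio" + "$env:USERPROFILE\.cache\lm-studio"
    foreach ($dir in ($dirs | Where-Object { Test-Path $_ })) {
        Add-MpPreference -ExclusionPath $dir    # folder exclusion survives the next release's rewritten bundle
        "excluded $dir"
    }
}
```

Run the script first to read the verdicts, perform the restore from the GUI or MpCmdRun, then call Add-LmStudioExclusions; Get-MpPreference | Select-Object -ExpandProperty ExclusionPath confirms what was added.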
The version 0.4.7(4) mid-install scenario
The LM Studio bug tracker (Issue #513) documents reports of GlassWorm.ZZ firing specifically during installation of version 0.4.7(4) – Defender intercepts the webpack bundle mid-write, before the installer finishes. That’s a harder situation than a post-install quarantine.
Cancel the install immediately. Fighting Defender with the installer running usually ends with a half-written app directory that’s broken in ways Protection history doesn’t fully capture. Restore any quarantined files from the previous version first. Exclude the install folder root (C:\Users\<you>\AppData\Local\Programs\LM Studio). Then re-run the installer – writes into an excluded folder skip real-time scanning during extraction.
Skipping the exclude-first step is why installers fail halfway: Defender locks the partially-written index.js and the installer can’t complete its writes.
One scenario where this is not a false positive
If your detection name contains BrowserVenom, or your browsers are suddenly routing through an unknown proxy – different attack entirely.
Kaspersky’s research team identified a phishing campaign built around a fake DeepSeek-R1 site, promoted through Google Ads, that served LM Studio and Ollama installers bundling a credential-theft payload alongside the legitimate software (full details in Kaspersky’s press release). The catch: infection required administrator privileges. Non-admin Windows profiles couldn’t be infected.
The payload – BrowserVenom – reconfigures every installed browser to route traffic through an attacker-controlled proxy for credential interception. If you downloaded LM Studio from anywhere except lmstudio.ai: a Google Ads link, a mirror site, a YouTube tutorial’s “direct download” – treat it as BrowserVenom until you’ve ruled it out. Check Settings → Network & Internet → Proxy. “Use a proxy server” toggled on when you didn’t set it is your answer.
How long until Microsoft clears the GlassWorm signature? Historically, confirmed false positives on high-profile apps move quickly once multiple users submit the same hash. But there’s no published SLA for signature corrections, and the October 2024 Cinjo.O incident is the only comparable data point. Check the bug tracker for confirmation rather than counting days.
A few things worth knowing
- The re-quarantine trap: restore without exclusion, and the next scheduled scan puts everything back in quarantine. The decision tree above covers this – the reminder here is that on a second quarantine, severe-threat heuristics may delete immediately rather than holding the 30-day window.
- If you don’t want to manage exclusions at all, alternatives like Ollama and llama.cpp don’t ship a 14 MB webpack bundle, so Defender’s heuristics don’t fire on them. Useful fallback if you need something running before the signature clears.
- To report the false positive directly to Microsoft: use the Security Intelligence sample submission portal, pick “Incorrect detection”, and attach index.js. Multiple submissions of the same hash typically accelerate the review.
FAQ
Is LM Studio safe to use right now?
Yes – if you downloaded from lmstudio.ai and the detection name is GlassWorm.ZZ or Cinjo.O. One engine out of 62 flagging a standard Electron bundle is a heuristic misfire, not evidence of malware.
I restored the files but LM Studio still won’t launch. What happened?
Most likely Defender deleted multiple files but Protection history only showed one entry. Check the install folder directly – if resources\app.webpack\main\index.js is back but other files in that directory are missing, the partial restore broke the app. The fix: uninstall completely, add the folder exclusion first, then reinstall fresh. This also explains why hitting Restore repeatedly on the same Protection history entry sometimes does nothing – only the listed file restores; silently-deleted siblings don’t appear in the log at all.
How do I report this to Microsoft so they fix the signature?
Submit the file at the Microsoft Security Intelligence sample submission portal. Pick “Incorrect detection” and attach index.js. Microsoft usually clears confirmed false positives within a few business days once a hash gets multiple submissions – though as of writing, there’s no published timeline commitment for this process.
Next step: Open Windows Security → Protection history right now and check whether your entry shows Quarantined or Removed. That single piece of information determines whether you’re running the restore commands above or downloading a fresh installer.