osu! is being detected as malware


Your anti-virus software detects your osu! wrapper as malware (usually a trojan).


Rest assured, osu! isn’t bundled with any malware. It’s just a false positive. See Gcenx’s explanation below:

Since around Wine-4.8 mingw-w64 has become required to cross-compile wine components. As your lightly not aware mingw-64 is a cross-compiling toolchain allows you to compile Windows binaries on no Windows systems.

Wine now provides functional replacements for real Windows binaries, now most anti-virus like for example Norton Endpoint Security see the file let’s say regedit.exe and notice is a PE binary but not a known release from Microsoft so it’s auto flagged.

Now much older versions of wine that were not compiled in this manner, instead wine provided fake Windows binaries, lets usr the above example regedit.exe is just loads regedit.so.

The problem with using none PE binaries is some software expects a real PE binary a fake one doesn’t suffice.

For more information, see…


You’ll need to dismiss your anti-virus and allow osu! to run. This can usually done by explicitly allowing osu! to run or excluding it from virus scans. Instructions for common antivirus products are below:


It is not necessarily to report/contact osu! as a false positive to your anti-virus product, you only need to permit osu! to run. Hopefully in the future anti-virus programs will whitelist Wine, but this is an upstream issue.

If that didn’t work

There could be something else going on here, and performing basic troubleshooting should help you get to the bottom of it.

If you’re still not sure what’s going on here, copy any osu! crash logs and generate a report with osu!macOS Agent, then let us know on the forums with what we can help.