Attention

August 2023 update: osu! Wineskins for macOS, osu!macOS Agent, and this osu!mac documentation website is no longer officially supported or maintained. Official support will no longer be provided by the authors of these respective projects on the osu! forums. You can read more information about this change from Technocoder and aidswidjaja. Thank you for everything.

osu! is being detected as malware

This article is applicable to the following wrappers:
• slc’s Wineskin for macOS 10.14 Mojave and earlier
• Technocoder’s Wineskin with macOS Catalina 10.15 support
• Technocoder’s unofficial Wineskin for macOS 10.14 Mojave and earlier

Behaviour

Your anti-virus software detects your osu! wrapper as malware (usually a trojan).

Cause

Rest assured, osu! isn’t bundled with any malware. It’s just a false positive. See Gcenx’s explanation below:

Since around Wine-4.8 mingw-w64 has become required to cross-compile wine components. As your lightly not aware mingw-64 is a cross-compiling toolchain allows you to compile Windows binaries on no Windows systems.

Wine now provides functional replacements for real Windows binaries, now most anti-virus like for example Norton Endpoint Security see the file let’s say regedit.exe and notice is a PE binary but not a known release from Microsoft so it’s auto flagged.

Now much older versions of wine that were not compiled in this manner, instead wine provided fake Windows binaries, lets usr the above example regedit.exe is just loads regedit.so.

The problem with using none PE binaries is some software expects a real PE binary a fake one doesn’t suffice.

For more information, see…

this GitHub issue.
this Steam Community forum thread about Valve Proton (which runs on Wine)
this Wine forum thread
and this CodeWeavers forum thread - CodeWeavers are a commercial company who both use and contribute heavily to Wine

Resolution

You’ll need to dismiss your anti-virus and allow osu! to run. This can usually done by explicitly allowing osu! to run or excluding it from virus scans. Instructions for common antivirus products are below:

Norton
McAfee
Malwarebytes (currently not possible, but generally speaking you should be able to disable Real-Time Protection and osu! should run)
Avast
Kaspersky Internet Security

Tip

It is not necessarily to report/contact osu! as a false positive to your anti-virus product, you only need to permit osu! to run. Hopefully in the future anti-virus programs will whitelist Wine, but this is an upstream issue.

If that didn’t work

There could be something else going on here, and performing basic troubleshooting should help you get to the bottom of it.

If you’re still not sure what’s going on here, copy any osu! crash logs and generate a report with osu!macOS Agent, then let us know on the forums with what we can help.