@soft-parsley

Unfortunately, I’ve a bad news for you, if you didn’t somehow initialize all of this yourself, your comp is no longer yours…

t e m p . s h seems to be a kind of non-permanent storage, anyone can use it:

temp.sh.png

Notepad++ doesn’t distribute/use curl.exe binary, it uses the curl-library functionality via “C:\Program Files\Notepad++\updater\libcurl.dll” for the N++ updater GUP.exe. And of course N++ never uses such an anonymous storage place.

Also you should check the digital signatures of your N++ binaries like:

npp-sign.png

Moreover, nowadays it isn’t possible to download or update to N++ v8.8.4, as this specific version was withdrawn because it contained regressions.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

The above instructions are still appropriate for confirming the self-signed certificate, but with the GlobalSign-issued certificate, the procedure is not as critical.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

UPDATE: With the release of v8.8.7, Notepad++ is once again signed by a GlobalSign-issued certificate, as well as the Notepad++ self-signed certificate.

https://notepad-plus-plus.org/news/v886-released/

@Pulp-Sendo
Already fixed for the upcoming N++ v8.8.6.

@xomx Thanks for your input, the analysis does seem to be a bit on the… overly cautious or paranoid side.
maybe it’s time to find a new resource for risk analysis!

@podlipom51-podlipom51 said in File empty after opening it as Adminitrator:

I was unable to save file. Suggested to open as Administrator after accepting my file is empty. It is very important file for me what to do?

Where were you trying to save the file? To somewhere in c:\program files\ or c:\windows or similarly protected area? Or were you trying to save to a normal writeable directory on your machine’s local drive? Or a mounted network drive? Because it only suggests Administrator if it gets a “permission denied” error when you try to write the file.

after accepting my file is empty. It is very important file for me what to do?

Bummer. Unfortunately, if you already restarted Notepad++, and it didn’t have the Settings > Preferences > Backup set to take “session snapshots and periodic backups”, your unsaved changes were never written to disk anywhere. As soon as Notepad++ exited, those bits were removed from active memory, and were lost. Since the files were likely never written to disk, I doubt that an external file-recovery utility like Recuva would work for you, but you might try directing such at the `c:\users<username>\AppData\Roaming\Notepad++\backup

See our FAQ on backups for more details about how the Notepad++ backup settings work, how the AutoSave plugin can help improve things, and best-practice suggestions for avoiding data loss in the future.

Also, I think one of the frequent contributors is actively working on a solution to have Notepad++ be able to get UAC permission for a file-save without needing to restart the application – such a feature would definitely help in your case. Unfortunately, I’ve spent the last few minutes trying to find the Issue or PR where that was being discussed, and haven’t found it yet.

@Bhaalthazar said in Security of Legacy Notepad++ Versions (CVE-2025-49144):

patching older vulnerable versions

It could be fun, now without the public CA cert available…

@Brian-Dickens

https://community.notepad-plus-plus.org/post/102220

As I said, without the N++ digital signature, stupid AVs go nuts.

The number of false positives from AVs is so high because in the past, many attackers probably have also used the free, open source NSIS for their purposes.

Here’s my reply:
https://github.com/notepad-plus-plus/notepad-plus-plus/issues/16638#issuecomment-2947240947

@Emmanuel-Meekers
AFAIK there is no technical means to limit the number of plugins a user is able to install. You can only remove the capability to install plugins at all.

You could do a survey which plugins your employees need. There can be different needs, e.g. technical staff likely needs other plugins than employees that ar more involved in administrative tasks. Then you can install these plugins on the employee’s machines.

After that you need to rename or delete <install-directory>\updater\GUP.exe to prevent users from installing any other plugins. As long as your employees don’t have admin access to Notepad++'s install directory, they are not able to revert these changes.

The disadvantage is that your users neither will be able to update Notepad++ itself nor the installed plugins. This is something your ICT department has to do.

@Alan-Kilborn So where should this be discussed then?

I would greatly appreciate if anyone did know of some little FOOS tool/script like I mentioned, more reliable than what I’ve hacked together, to help me secure my friends cyber security.

Can people here DM me suggestions?

If there was a discord this could be spun off into a thread.

I’m not sure if it matters to anyone but the suggestions and discussion so far have been really helpful and spot on solving the problem which I’m still using NPP for BTW (such as displaying instructions as we just discussed).

For some perspective, the person I’m trying to help recently lost 7kg in just over a week due to stress and worry from being targeted and harassed by some hacker/scammer that’s been messing with then, trying to take accounts etc for a while now.

I agree it’s not on strictly topic and I don’t expect to discuss this here, it’s just without at least giving a way to continue the discussion elsewhere, given the fact that it’s still directly addressing the goal I initially stated, and the potential consequences to people, it seems kinda callous to just stomp on it like we’re posting cat memes.

So how and where should this be continued, or is that irrelevant?

@Izzy-Gonzalez said in Notepadd++ General version update function:

Is there any way to allow a normal user to update the software without having to provide the user admin rights to the local PC?

Microsoft has defined C:\Program Files\ (and equivalent, though I’ll use that as the generic path going forward in this post) as requiring UAC (elevated privileges, or “Admin privileges”). If someone installs Notepad++ into C:\Program Files\Notepad++\, then it will require admin rights (unless you have disabled UAC on your PC).

If you cannot disable UAC requirements, you could try changing the permission of the C:\Program Files\Notepad++\ directory (and all subdirectories) – which will require UAC/Admin once to be able to change the permissions, but should successfully update thereafter. (That’s what I do on my work machine, since I frequently update Notepad++ or its plugins, and got tired of entering my password every time I did.)

If changing permissions of the installation directory is not something you’re interested in, you might consider installing Notepad++ to a location where you do have write access, instead of in the default C:\Program Files\Notepad++\ – maybe you could create a directory called C:\LocalApps\, and install Notepad++ as C:\LocalApps\Notepad++\ . As long as you installed it as your local, non-privileged user and have appropriate permissions in the C:\LocalApps\ hierarchy, you shouldn’t be pestered for Admin rights on future updates.

@Paolo-Monni ,

I found this comment from Don which indicates that DigiCert donated a certificate in 2022. (And previously in v7.7 release notes in 2019.)

So yes, it’s a free certificate donated by the certificate authority. I don’t know of any cheap sources for mere mortals

Update: a quick web search found this reddit discussion which had discussions about a few options – it started 3 years ago, but there have been a few more-recent comments, and it at least gives a starting point for future research.

@Shravan-Joshi ,

When are you planning …

We at this Forum are the Community of Notepad++ users, not the developer. We are not planning to update anything.

This is apparently a rather new issue – it was just publicly reported to the author yesterday. But you can watch that official issue to see when something happens with it.

@saladah0330 - I uploaded Notepad++ v8.6.7 to https://www.virustotal.com/gui/home/upload and that web site says Zillya / Trojan.Rozena.Win32.219427

If you search the Notepad++ forums for Zillya you will find it’s a longstanding issue. As AV vendors do not document the details of their detection process we don’t know why that particular scanner complains about Notepad++.

Notepad++'s triggering for updates process is not related to this issue. The installer package that you download is exactly the same regardless on if a download was before or after is triggered for updates.

It’s a puzzle that Zillya did not complain about the file you downloaded. If you still have the installer.exe file see if Zillya still does not complain.

The size of your file should be one of:

4,701,256 bytes for npp.8.6.7.Installer.exe 4,854,296 bytes for npp.8.6.7.Installer.x64.exe

Check your web browser’s download history and get the exact URL that you downloaded the installer from. It should be either

https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.6.7/npp.8.6.7.Installer.x64.exe https://github.com/notepad-plus-plus/notepad-plus-plus/releases/download/v8.6.7/npp.8.6.7.Installer.exe

The download page at https://notepad-plus-plus.org/downloads/v8.6.7/ has GPG signatures that can be used to see if the exe you have in hand matches what Notepad++'s developer intended you have…

@bitRAKE
Good catch! I already an issue in the mimeTools repo referencing that article.

Of course, if it is, as you say, not an issue with the official plugin but rather an issue with Notepad++ loading a malicious DLL of the same name, I guess there’s nothing Don Ho can do about the issue.