Hello, after experiencing some virus issues, I reset my computer and installed Norton. However, since installing Norton, I have been unable to use Goodbye DPI. I generally used it while accessing platforms such as Discord, Roblox, and other games, but it is not working at the moment. Please assist me. If I cannot find a solution, I will have to uninstall it
are you referring to:
https://en.wikipedia.org/wiki/GoodbyeDPI
https://github.com/ValdikSS/GoodbyeDPI
===============================
Norton 360 typically objects to GoodbyeDPI because the software uses advanced network techniques that resemble malicious behavior, even though GoodbyeDPI itself is a legitimate tool used to bypass Deep Packet Inspection (DPI) and internet censorship.
- Add an Exception: Use the Norton 360 Settings to add the GoodbyeDPI folder or executable to the “Program Exclusions” list.
- Report a False Positive: If Norton continues to block it, you can submit the file to the Norton False Positive portal for official review.
It is highly unlikely that Norton 360 will allow GoodbyeDPI to run by default without some level of manual intervention. Because of how the software functions, Norton’s security layers are designed to catch exactly the type of activity GoodbyeDPI performs.
If you downloaded GoodbyeDPI from the official GitHub, it is widely considered safe by the privacy community. However, if you got it from any other source, Norton’s alert might be a true positive, as third-party mirrors often bundle this tool with actual malware.
Note: AI sourced content may make mistakes
1 Like
fwiw ~ as test:
Details
Developers: Unknown
Version: Unknown
Identified: 3/28/26
Last Used: 3/28/26
Startup Item: No
Many users
Thousands of users in the Norton Community have used this file.
Mature
This file was released 4 years ago.
Trusted
Norton has given this file a trusted rating.
Origin
Downloaded from: https://release-assets.githubusercontent.com/github-production-release-asset/9149308[...]5119396b
Caveat: I’m not familiar with GoodbyeDPI
File: goodbyedpi.exe
File size: 73.5 KB (75,264 bytes)
SHA256 checksum: 331AC6C1D22BA5A0A217F3F27D0D823051869CAFC8B8EF7F2002FA2ACCEBC74E
Date/Time: 3/28/2026
https://www.virustotal.com/gui/file/331ac6c1d22ba5a0a217f3f27d0d823051869cafc8b8ef7f2002fa2accebc74e
The binary is identified as GoodbyeDPI (v0.2.2), an open-source utility designed to bypass Deep Packet Inspection (DPI) systems used for internet censorship. It utilizes the legitimate WinDivert driver library to intercept, parse, and reinject network traffic (WinDivertOpen, WinDivertRecv, WinDivertSend). The tool employs several network manipulation techniques: TCP/HTTP packet fragmentation, HTTP header case mixing (e.g., ‘hoSt’), TTL manipulation to confuse passive DPI, and DNS redirection/flushing (DnsFlushResolverCache). While these low-level packet manipulation techniques are occasionally seen in malicious traffic redirectors, the strings, metadata, and functionality align perfectly with a known legitimate anti-censorship tool. Relevant IOCs include references to github.com/ValdikSS/GoodbyeDPI and the GoodbyeDPI Windows service name.
===============================
File: WinDivert.dll
File size: 23.0 KB (23,552 bytes)
SHA256 checksum: A97859785A2DF1D4462E7D48D33CCBD89FEDD40DAC4970F4AFD89E63F59EE1EC
Date/Time: 3/28/2026
https://www.virustotal.com/gui/file/a97859785a2df1d4462e7d48d33ccbd89fedd40dac4970f4afd89e63f59ee1ec
================================
File: WinDivert64.sys
File size: 49.4 KB (50,592 bytes)
SHA256 checksum: 53AB28EC00BE6E6F8AEFA9EE76FC2735E94D7F3F9DBC06EB2B7AC8CD3084A6AF
Date/Time: 3/28/2026
https://www.virustotal.com/gui/file/53ab28ec00be6e6f8aefa9ee76fc2735e94d7f3f9dbc06eb2b7ac8cd3084a6af
The analyzed sample is the kernel-mode driver for WinDivert (Windows Packet Divert) version 1.4.0-rc. It is a legitimate, open-source utility used for capturing, filtering, and modifying network packets. The binary employs the Windows Filtering Platform (WFP) to register callouts and filters (FwpmFilterAdd0, FwpsCalloutRegister0) and uses NDIS for buffer management. It supports packet re-injection via FwpsInjectNetworkSendAsync0 and FwpsInjectNetworkReceiveAsync0. While WinDivert is a dual-use tool frequently abused by malware to intercept communications or bypass security, the binary itself follows legitimate driver patterns and contains clear metadata linking it to the official WinDivert project at reqrypt.org.
===============================
Caveat: I’m not familiar with GoodbyeDPI
1 Like
Hello @lawhe1s
Care to share your progress
All: I believe the issue to be what this software does and how its being detected. A third party security solution will nail things that are doing packet inspections when it is already doing it as being nefarious.
Key features and details include:
-
How it Works: It operates on Windows by injecting specially crafted packets or fragmenting packets to evade DPI systems, primarily targeting Active and Passive DPI methods
-
Use Cases: Frequently used to bypass restrictions on YouTube, Telegram, LinkedIn, and various news sites.
-
Not a VPN: It does not change your IP address or route traffic through third-party servers, which means your true location is not hidden, but speed remains high.
-
Usage: It is a console utility designed for Windows 7, 8, 10, and 11. It is highly effective in Russia and other countries with similar restriction methods.
-
Setup: It requires no configuration, though it runs via scripts (e.g.,
2_any_country_dnsredir.cmdfor general use).
It is important to note that it is designed primarily for bypassing restrictions rather than providing anonymity.
SA