Is TinyTask Safe in 2026? Vista Software’s Verified Build, Tested on Windows 11

Updated April 2026 Vista Software 9 min read

Short answer: yes. TinyTask 1.77 — the build we publish on this page — is a 36,352-byte unsigned Windows executable with SHA-256 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12. When we ran it through Joe Sandbox and Hybrid Analysis on a clean Windows 11 23H2 VM in April 2026, it made zero network connections, zero DNS lookups, wrote no files outside its own directory, and touched no registry keys outside HKCUSoftwareTinyTask. The same hash has been catalogued clean by independent scanners since November 2019. The only safety wrinkle is the unsigned-binary SmartScreen warning, which we cover below.

Last verified: April 2026. Author: Vista Software editorial team.

This page is Vista Software’s own statement on TinyTask safety. We publish the binary. We’re documenting how to verify what you downloaded matches what we shipped — and how to tell our build apart from the modified copies floating around on lookalike domains.

SmartScreen and the “Windows protected your PC” warning

The first time you run tinytask-1-77.exe on Windows 10 or 11, Microsoft Defender SmartScreen will throw a blue “Windows protected your PC” panel. This is expected. TinyTask is not code-signed, so SmartScreen has no Authenticode certificate to validate against, and the file lacks the download-reputation history a freshly-signed installer would accumulate.

Here’s what’s actually happening: SmartScreen’s algorithm looks at file signature, prevalence (how many other Windows machines have run this exact binary), and source reputation. Unsigned + low-prevalence triggers the warning regardless of whether the file is malicious. A 36 KB single-file utility from 2019 will hit this every time on a fresh machine.

To bypass safely:

  1. Click More info on the SmartScreen panel.
  2. Click Run anyway at the bottom.
  3. Before clicking Run anyway, verify the SHA-256 of the file you downloaded matches the hash above. If it doesn’t match, the file has been modified — do not run it.

To check the hash on Windows 11, open PowerShell in the folder where you saved the file and run:


Get-FileHash .tinytask-1-77.exe -Algorithm SHA256

The output should be exactly 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12. Case doesn’t matter — PowerShell prints uppercase, the hash above is lowercase, they’re the same value.

Antivirus false positives

Microsoft Defender, Malwarebytes, and a handful of heuristic engines occasionally flag TinyTask under generic detection names like Trojan:Win32/Wacatac.B!ml, Riskware/AutoIt, or PUP.Optional.Macro. These are heuristic flags, not signature-based detections of known malicious code.

The reason is straightforward. TinyTask records keystrokes and mouse clicks and replays them. From an automated-classifier point of view, “records keystrokes and replays them” looks structurally similar to keylogger/RAT behavior. Heuristic engines err on the side of flagging anything that hooks the input pipeline. The same false-positive pattern hits AutoHotkey, AutoIt, and most macro recorders.

This isn’t new. There’s a Hacker News thread from March 2020 where users discussed Windows Defender flagging TinyTask, and the discussion confirms what current scans show: heuristic flag, no actual malicious payload.

What to do if your AV flags our build:

  1. Verify the SHA-256 first (instructions above). If your file’s hash doesn’t match ours, the binary has been tampered with — let your AV quarantine it and re-download from this page.
  2. If the hash matches, add a Defender exclusion: Settings → Privacy & security → Windows Security → Virus & threat protection → Exclusions → Add an exclusion → File → select tinytask-1-77.exe.
  3. Don’t disable AV globally. The exclusion should be the file or its containing folder only.

We submit the hash to Microsoft’s submission portal whenever we ship a new build to reduce the false-positive frequency, but the heuristic flag is part of life for unsigned input-automation tools.

How to verify you have the original build

Four checks tell you whether the file you have is our build or a modified copy:

  1. SHA-256: 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12 (use the PowerShell command above).
  2. Exact file size: 36,352 bytes. Right-click the file → Properties → check the Size field. Not “Size on disk” — the byte-count Size value. Anything other than 36,352 means it’s not our build.
  3. No installer. The download is the executable itself. If you ran something that opened an installer, popped up adware, or asked you to install browser extensions, it wasn’t from us.
  4. Runs without admin elevation. TinyTask 1.77 launches as a normal user. If you got a UAC prompt asking to elevate to administrator, it’s been modified — that’s not how the original behaves.

The MD5 (for cross-reference against older catalogues) is 8fd3551654f0f5281ddbd7e32cb73054. The same hash and file size are documented in lo4d.com’s 2019-11-06 scan record, where TinyTask 1.77 returned 0 detections across 30 antivirus engines.

Network behavior verification

We ran our 1.77 build in two independent sandbox environments to confirm what it does and doesn’t do at runtime.

Method: launched tinytask-1-77.exe on a clean Windows 11 23H2 sandbox VM, recorded a 30-second macro of mouse movements and keystrokes, replayed it, saved a .rec file, compiled it to a standalone .exe, and exited. While that ran, we captured the full network and process telemetry.

Findings:

  • Outbound connections: zero. No TCP, no UDP, no QUIC.
  • DNS lookups: zero. The binary never resolves a hostname.
  • Telemetry: none. No HTTP requests, no socket opens to any analytics or update-check endpoint.
  • File writes: limited to the directory you launched the .exe from (for the .rec file you save) and %TEMP% for normal Windows process scratch space.
  • Registry writes: limited to HKCUSoftwareTinyTask for window-position and recent-files state. No machine-wide HKLM writes, no autorun keys, no startup persistence.

These are the same findings published by Joe Sandbox and Hybrid Analysis for the matching SHA-256. TinyTask 1.77 is, in network and process terms, an offline utility. It cannot exfiltrate keystrokes because it cannot reach the network at all.

Privacy posture (no telemetry)

Direct statement from Vista Software:

TinyTask does not collect, send, or log any user data. The application has no telemetry, no anonymous-usage opt-in, no crash reporter, no update checker, no licensing callback. It does not contain a keylogger payload that exfiltrates recorded keystrokes — the recorded macro lives only as a local .rec file on your machine, and we never see it.

If you record a macro of yourself typing a password, that macro is saved to whatever .rec file you pointed it at, on your disk, where you put it. Don’t share .rec files containing recorded passwords with anyone. That’s not a TinyTask vulnerability; it’s just how recorders work.

Compiled .exe macros (the ones you build via File → Save As .exe) are similarly local — they’re standalone Windows executables that replay your recorded input on whichever machine you run them on. They make no network calls either.

How TinyTask compares to malware-bundled “tinytask” downloads

A handful of lookalike domains chase the TinyTask name and ship modified or repackaged binaries. None of them are us, and several are documented as actively dangerous. Here’s the lay of the land as of April 2026:

  • tinytask.net still resolves but no longer names a developer in its body copy. Its download button redirects to an anonymous GitHub account (Berniece-wq) rather than hosting any binary itself, and GridinSoft has classified the domain “Malware Distributor” with a 1/100 trust score. Hybrid Analysis has a sample of tinytask_162.exe from this site with SHA-256 8b59c51d…, which is a different hash from our 1.77 build.
  • tinytaski.com advertises a fictional “TinyTask 1.78” in its SERP title. There is no version 1.78. The current real release is 1.77 from November 2019, and we’d be the ones publishing 1.78 if it existed. Treat any “1.78” download as not-from-us and not safe.
  • tinytaskofficial.com is a parked domain that 302-redirects visitors to a survey-spam destination (survey-smiles.com). It hosts no TinyTask product at all.
  • tinytask.app is offline as of this writing — the domain doesn’t resolve to a live server.

If you downloaded tinytask.exe from any of those, run the SHA-256 check from the verification section above. If the hash doesn’t match 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12, you don’t have our build. Delete the file and download from this site.

Can TinyTask get me banned in Roblox or online games?

This is a separate question from “is TinyTask safe” — the binary is safe, but using it inside an online game falls under the game operator’s Terms of Service.

The honest answer: TinyTask itself is not malware, not a cheat engine, and not detected as such by any anti-cheat we’ve tested. It’s a generic Windows input-replay tool that has no awareness of what application is in focus. From an anti-cheat’s perspective, TinyTask running keyboard/mouse macros looks the same as a USB macro keyboard or a stuck arrow key — it’s hardware-level input replay.

However, most online games’ TOS explicitly prohibit automated input even when the tool is generic. Roblox, Fortnite, RuneScape, and the like all have language banning macros that automate gameplay. Whether you actually get banned for using TinyTask in those games depends entirely on the operator’s detection and enforcement, which is outside our control. We’ve documented the Roblox specifics on our TinyTask for Roblox guide — including which automation patterns get flagged and which don’t.

Bottom line: TinyTask doesn’t put malware on your machine. Whether you use it inside a game that bans automation is your call.

Frequently Asked Questions

Is TinyTask a virus?

No. TinyTask 1.77 (SHA-256 75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12) is a 36,352-byte Windows macro recorder with no malicious payload, no network calls, and no data collection. It has been independently scanned clean across 30 antivirus engines on lo4d.com since November 2019. Heuristic false-positive flags in some AV engines are common because TinyTask hooks the keyboard and mouse pipeline, which structurally resembles malware behavior, but no signature-based detection of malicious code exists for our build.

Why does Windows Defender flag TinyTask?

Windows Defender flags TinyTask under generic heuristic names like Trojan:Win32/Wacatac.B!ml because the binary records keystrokes and mouse input — behavior that pattern-matches against keylogger and RAT detection rules. The detection is not based on signature matching against known malware. Verify the SHA-256 of your downloaded file, and if it matches our published hash, add an exclusion in Windows Security for the file path.

Is TinyTask safe for Windows 11?

Yes. TinyTask 1.77 runs on Windows 11 (including 23H2 and 24H2) without compatibility shims. We tested it on a clean Windows 11 23H2 install in April 2026 — recording, playback, save-to-.rec, and compile-to-.exe all worked normally. The only Windows-11-specific friction is the SmartScreen warning on first launch, which is expected for any unsigned binary.

Does TinyTask have a backdoor?

No. TinyTask makes zero outbound network connections at runtime — verified by Joe Sandbox and Hybrid Analysis on the matching SHA-256. A backdoor requires network reachability to be useful, and the binary has none. There is no remote-control channel, no listener socket, no callback URL. The application is fully offline.

Can my employer detect TinyTask running on a work computer?

Yes, if your employer has endpoint monitoring (EDR like CrowdStrike, SentinelOne, or Microsoft Defender for Endpoint), they will see tinytask-1-77.exe as a running process. Some EDR platforms flag macro recorders as policy violations regardless of malicious intent. We can’t tell you whether running TinyTask at work is allowed by your IT policy — that’s between you and your employer. The binary itself is not malware, but using it on a managed machine is a separate question.

Is the tinytask.net download safe?

We can’t vouch for tinytask.net. It’s not our domain. Its download button redirects to an anonymous GitHub account, and GridinSoft has rated it 1/100 (“Malware Distributor”) as of February 2026. The binary it serves has a different SHA-256 than our 1.77 build. The safe download is on this page (thetinytask.com), distributed directly by Vista Software.

Why is the TinyTask EXE unsigned?

Code-signing certificates from Authenticode-trusted CAs require ongoing yearly renewal at meaningful cost for each binary version, and TinyTask is shipped as free software. We’ve published the SHA-256 hash so anyone can verify the file hasn’t been tampered with, which is the more rigorous integrity check anyway — code signatures only prove who signed, not that the file is benign. The unsigned status triggers SmartScreen on first run, which is the documented bypass-safely flow above.

Where can I report a security issue with TinyTask?

If you find a security issue with our build, contact Vista Software through the contact form on this site. Provide the SHA-256 of the file you analyzed (so we can confirm it matches our published build), the Windows version you reproduced on, and a description of the issue. We’ll respond and, if confirmed, ship a fixed build with a new SHA-256 published on this page.

Does TinyTask collect macro data or send recorded keystrokes anywhere?

No. Recorded macros are saved as .rec files locally on your machine in the location you choose. TinyTask does not transmit them, does not phone home, and does not have a cloud-sync feature. There is no Vista Software server that ever sees your macro content.

Have a question this page didn’t cover? Contact us and we’ll fold it into the next revision. Last verified April 2026 by Vista Software.