How model downloads work
Sonavi model downloads happen inside the signed Windows app. The app downloads the selected model over HTTPS, stores it locally, checks the expected byte size and SHA-256 metadata, and installs the model only after integrity checks pass.
Sonavi does not require users to paste PowerShell, curl, or hash-check commands to install or verify models.
If a model download fails, Sonavi records diagnostics with the model ID, engine ID, version, download host, download path, expected size, downloaded bytes, expected SHA-256, actual SHA-256 when available, hash verification result, HTTP status when available, and a failure category.
Do not run pasted shell commands
Do not paste PowerShell, curl, or hash-check commands from a browser, chat, email, or support session to install or verify Sonavi models. Expected Sonavi model downloads happen inside the signed Windows app.
If Microsoft Defender reports a ClickFix-style alert
PowerShell or curl command-line detections should be taken seriously. Expected Sonavi runtime downloads happen in the app, not through pasted shell commands.
Collect the Defender threat name, detection time, full command line, parent process, and a Sonavi diagnostics export. Do not run additional shell download commands to verify the alert.
Treat browser-launched, Windows Run, unknown parent process, pasted-command, or no-expected-Sonavi-activity cases as security incidents.
Admin checklist
Use these checks before deciding whether the activity was expected Sonavi app behavior.
- Confirm the URL host is models.sonavi.app.
- Confirm the activity happened while Sonavi was installing, updating, first launching, or downloading a selected model.
- Open Sonavi Diagnostics and use Export to Desktop.
- Review model download diagnostics for model ID, host, path, expected size, downloaded bytes, expected SHA-256, actual SHA-256 when available, hash verification result, HTTP status, and failure category.
- Escalate as a security incident if the alert involves a pasted shell command, a browser parent process, Windows Run, an unknown process, or no expected Sonavi model activity.
Enterprise allowlisting
If runtime model downloads are allowed in your environment, allow outbound HTTPS on TCP 443 to models.sonavi.app. Allowlisting should follow your organization's normal security review and policy process.
Do not disable or bypass Microsoft Defender, App Control, Intune, firewall, proxy, TLS inspection, DLP, or endpoint-security policy. If runtime downloads are not allowed, use an admin-approved offline model deployment process instead.
Examples
Expected model download
You say: A user chooses an offline transcription model in Sonavi on a managed Windows device.
Sonavi does: Sonavi downloads from models.sonavi.app, verifies size and SHA-256, and records model download diagnostics.
This is expected app behavior when the selected model was not already installed.
Command-line Defender alert
You say: Defender reports a command line that starts powershell.exe and uses curl.exe to download from models.sonavi.app.
Sonavi does: Sonavi support asks for the alert details and exported Sonavi diagnostics, not another shell command.
Treat pasted-command or browser-launched cases as possible ClickFix or social-engineering incidents.
FAQ
Is models.sonavi.app an official Sonavi host?
Yes. models.sonavi.app is Sonavi's official host for offline transcription model artifacts, metadata, license files, and notice files.
Does Sonavi upload my audio or transcript text to models.sonavi.app?
No. models.sonavi.app is used for public model distribution assets, not user audio or transcript upload.
Do I need to run PowerShell or curl to install a Sonavi model?
No. Sonavi model downloads happen inside the signed Windows app. Do not paste shell commands to install or verify models.
What should I do if Defender flags a model download?
Export Sonavi diagnostics from the Diagnostics window, collect the Defender threat name, detection time, full command line, and parent process, then contact support or your security team. Do not run additional shell download commands to verify the alert.
Should I disable Microsoft Defender or enterprise security tools?
No. Do not disable or bypass Defender, App Control, Intune, firewall, proxy, TLS inspection, DLP, or endpoint-security policy. Use normal allowlist or offline deployment processes approved by your organization.
Export diagnostics
Use Sonavi's Diagnostics Export to Desktop action when support needs model download evidence.