Tor browser

Recent versions of Tor Browser were incorrectly flagged as potential threats by Windows Defender, specifically because of the updated tor.exe file they contained.

Users were alerted to a possible trojan, causing a bit of a stir in the community, but this was a false positive.

Tor Browser has an update on this matter. After contacting Microsoft about the issue, Tor Browser received a definitive response.

Microsoft stated, “We’ve reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we’ve removed the detection.”

For users who still see this false positive, Microsoft provided a clear set of instructions to update and clear any previous flags:

  1. Open the command prompt as an administrator.
  2. Navigate to C:\Program Files\Windows Defender.
  3. Run the command “MpCmdRun.exe -removedefinitions -dynamicsignatures”.
  4. Follow it with “MpCmdRun.exe -SignatureUpdate”.

For those who prefer manual updates, Microsoft has made the latest definitions available here.

Similar warnings were also spotted on VirusTotal, which relies on third-party security vendors to scan uploaded files.

Some users noted that a preliminary VirusTotal.com check might have prevented this oversight, expressing dismay that such a standard safety measure was apparently overlooked.

A frustrated user remarked, “It’s concerning that a release made it to the public without a prior VirusTotal.com check. For an entire weekend, users were left grappling with doubts. Henceforth, every release should be paired with a VirusTotal review. This way, anyone downloading the software can personally ensure no virus detection flags it—at least not at the launch.”

Responding to the criticisms, a representative from Tor highlighted some notable points.

Microsoft Defender is no longer flagging Tor Browser

As of the latest signature database (version 1.397.1910.0), Windows Defender no longer flags tor.exe as a trojan.

If you found your Tor Browser non-functional recently, here’s what you can do:

  1. Ensure your Windows Defender is updated.
  2. Either retrieve tor.exe from quarantine or,
  3. Redownload Tor Browser directly from the Tor Project website.

And as a safety reminder, it is recommended to verify the signature before installation.
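The steps above can be combined into one check, shown here as an added example that is not from Microsoft or the Tor Project: it compares the installed Defender signature version against the 1.397.1910.0 build named in the article, refreshes the definitions only if they are older, and lists quarantined items so tor.exe can be located. It assumes the built-in Defender PowerShell module (Get-MpComputerStatus) is available and that MpCmdRun.exe sits at the path given in the instructions.

```powershell
#Requires -RunAsAdministrator
# Added example: verify Defender signatures are at or past the fixed version,
# refresh them if not, then list quarantined items.

$FixedVersion = [version]'1.397.1910.0'   # version stated in the article
$MpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Get-SignatureVersion {
    # AntivirusSignatureVersion is a string such as "1.397.1910.0"
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

function Invoke-MpCmdRun {
    param([string[]]$Arguments)
    & $MpCmdRun @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "MpCmdRun.exe $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

if (-not (Test-Path $MpCmdRun)) {
    throw "MpCmdRun.exe not found at $MpCmdRun"
}

$before = Get-SignatureVersion
Write-Host "Current signature version: $before"

if ($before -lt $FixedVersion) {
    # Same two commands as in Microsoft's instructions, run in order
    Invoke-MpCmdRun -Arguments '-RemoveDefinitions', '-DynamicSignatures'
    Invoke-MpCmdRun -Arguments '-SignatureUpdate'

    $after = Get-SignatureVersion
    Write-Host "Signature version after update: $after"
    if ($after -lt $FixedVersion) {
        Write-Warning "Signatures are still older than $FixedVersion; the update did not take effect."
    }
} else {
    Write-Host "Signatures already include the fix ($FixedVersion or later)."
}

# Show what Defender currently holds in quarantine (read-only listing)
& $MpCmdRun -Restore -ListAll
```

Comparing as `[version]` rather than as strings matters here, because a string comparison would order "1.397.999.0" after "1.397.1910.0".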

Source: www.bleepingcomputer.com