Windows Defender Retracts: TorBrowser Not a Threat After All


October 3, 2023

Recent iterations of the TorBrowser, especially those containing the updated tor.exe file, encountered a hiccup with Windows Defender, which erroneously flagged them as potential threats.

Windows Defender raised alarms, suggesting a possible trojan, which understandably unnerved the community. But it ended up being a false alarm.

To address this, TorBrowser engaged with Microsoft, which resulted in a clarification. Microsoft remarked, “Upon evaluating the provided files, we found they don’t match our criteria for malware or undesired apps. Consequently, we’ve eliminated the said detection.”

For individuals still encountering this erroneous alert, Microsoft offered a straightforward resolution:

  • Launch the command prompt with administrative privileges.
  • Change to the c:\Program Files\Windows Defender directory.
  • Execute “MpCmdRun.exe -removedefinitions -dynamicsignatures”.
  • Then run “MpCmdRun.exe -SignatureUpdate”.

Those who prefer a manual update can fetch the most recent definitions instead.

VirusTotal, a platform that relies on multiple security vendors' engines to scan files, also showed similar warnings.

Several users pondered whether an initial check via VirusTotal.com might have averted this mishap. They voiced disappointment over the apparent oversight of such a routine security step.

A user shared their exasperation, stating, “It’s perplexing how a version was made available to users without first undergoing a VirusTotal.com evaluation. For days, we were clouded with uncertainties. Going forward, each version should be accompanied by a VirusTotal assessment, allowing downloaders to independently verify the absence of virus alerts, especially upon release.”

Addressing the concerns, a Tor spokesperson provided some clarifications:

  • The disputed tor.exe from TorBrowser 12.5.6 wasn’t novel. It’s identical to the one in version 12.5.5. Notably, the previous version’s launch didn’t garner such concerns. Those who evaded the issue by opting for 12.5.5 probably fetched the 32-bit edition, inadvertently bypassing the snag.
  • Currently, Tor doesn’t maintain a protocol to submit files to VirusTotal pre-release.

In brighter news, Microsoft Defender has ceased misidentifying Tor Browser. From the newest signature database (version 1.397.1910.0), Windows Defender no longer mistakenly identifies tor.exe as malicious.

If your Tor Browser recently malfunctioned, here’s a remedy:

  • Update Windows Defender.
  • Either recover tor.exe from the quarantine or,
  • Download the TorBrowser afresh from the Tor Project’s official portal.

Lastly, it’s always prudent to verify the signature prior to installation.
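
The Defender-side steps above (Microsoft's definition reset and the check before recovering tor.exe), as an added PowerShell example that is not from the article, Microsoft or the Tor Project. It assumes an elevated session, the default Defender install path and the built-in Defender cmdlets; the only page-specific value is signature version 1.397.1910.0.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: default Defender path, built-in Defender module available.
$FixedVersion = [version]'1.397.1910.0'   # signature version the article says no longer flags tor.exe
$MpCmdRun     = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Get-SignatureVersion {
    # AntivirusSignatureVersion is a dotted string, so cast it for a numeric comparison
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

$current = Get-SignatureVersion
Write-Host "Installed antivirus signature version: $current"

if ($current -lt $FixedVersion) {
    # The two steps Microsoft gave: drop dynamic signatures, then pull fresh definitions
    & $MpCmdRun -RemoveDefinitions -DynamicSignatures
    & $MpCmdRun -SignatureUpdate
    if ($LASTEXITCODE -ne 0) {
        throw "Signature update failed (exit code $LASTEXITCODE)"
    }
    $current = Get-SignatureVersion
    if ($current -lt $FixedVersion) {
        throw "Still on $current, older than $FixedVersion; update manually before restoring anything"
    }
}
Write-Host "Signatures are at $current (fixed version or newer)"

# Show past detections that involved tor.exe, so you know which threat name
# and which file path were affected before taking anything out of quarantine.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'tor\.exe' } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = $_.Resources -join '; '
        }
    } | Format-List

# List what is currently in quarantine. Restore only the entry that matches the
# detection above, and only after the signature check has passed.
& $MpCmdRun -Restore -ListAll
```

Running the version check first matters: restoring tor.exe while the old definitions are still loaded just gets it quarantined again.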
Noor Khan

Author

My name is Noor, and I am a seasoned entrepreneur focused on the area of artificial intelligence. As a robotics and cyber security researcher, I love to share my knowledge with the community around me.
