Recent iterations of the TorBrowser, especially those containing the updated tor.exe file, encountered a hiccup with Windows Defender, which erroneously flagged them as potential threats.
Windows Defender raised alarms, suggesting a possible trojan, which understandably unnerved the community. But it ended up being a false alarm.
To address this, TorBrowser engaged with Microsoft, which resulted in a clarification. Microsoft remarked, “Upon evaluating the provided files, we found they don’t match our criteria for malware or undesired apps. Consequently, we’ve eliminated the said detection.”
For individuals still encountering this erroneous alert, Microsoft offered a straightforward resolution:
- Launch the command prompt with administrative privileges.
- Direct yourself to c:\Program Files\Windows Defender.
- Execute “MpCmdRun.exe -removedefinitions -dynamicsignatures”.
- Then, run “MpCmdRun.exe -SignatureUpdate”.
Those who prefer to update manually can instead download the most recent definitions themselves.
VirusTotal, a platform that relies on multiple security vendors for file scanning, also showed similar warnings.
Several users pondered whether an initial check via VirusTotal.com might have averted this mishap. They voiced disappointment over the apparent oversight of such a routine security step.
A user shared their exasperation, stating, “It’s perplexing how a version was made available to users without first undergoing a VirusTotal.com evaluation. For days, we were clouded with uncertainties. Going forward, each version should be accompanied by a VirusTotal assessment, allowing downloaders to independently verify the absence of virus alerts, especially upon release.”
Addressing the concerns, a Tor spokesperson provided some clarifications:
- The disputed tor.exe from TorBrowser 12.5.6 wasn’t new: it’s identical to the one in version 12.5.5. Notably, the previous version’s launch didn’t garner such concerns. Those who evaded the issue by opting for 12.5.5 probably fetched the 32-bit edition, inadvertently bypassing the snag.
- Currently, Tor doesn’t maintain a protocol to submit files to VirusTotal pre-release.
In brighter news, Microsoft Defender has ceased misidentifying Tor Browser. From the newest signature database (version 1.397.1910.0), Windows Defender no longer mistakenly identifies tor.exe as malicious.
If your Tor Browser recently malfunctioned, here’s a remedy:
- Update your Windows Defender definitions.
- Either recover tor.exe from the quarantine or,
- Procure the TorBrowser afresh from the Tor Project’s official portal.
Lastly, it’s always prudent to authenticate the signature prior to installation.
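The following PowerShell script is an added example, not taken from Microsoft or the Tor Project. It compares the installed Defender signature version against the 1.397.1910.0 release named above and runs the two MpCmdRun.exe steps only when the installed version is older. It assumes Defender is the active antivirus, the default install path, and an elevated prompt; the variable and function names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: check whether Defender's signatures already include the
# corrected tor.exe detection, and refresh them if they do not.

$FixedVersion = [version]'1.397.1910.0'   # signature version quoted in the article
$MpCmdRun     = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

function Get-DefenderSignatureVersion {
    # Get-MpComputerStatus ships with the Defender PowerShell module;
    # AntivirusSignatureVersion is a dotted string such as "1.397.1910.0".
    $status = Get-MpComputerStatus -ErrorAction Stop
    [version]$status.AntivirusSignatureVersion
}

function Invoke-MpCmdRun {
    param([string[]]$Arguments)
    & $MpCmdRun @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "MpCmdRun.exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

$before = Get-DefenderSignatureVersion
Write-Host "Installed signature version: $before"

if ($before -ge $FixedVersion) {
    Write-Host "Signatures are at or past $FixedVersion; no refresh needed."
}
else {
    if (-not (Test-Path -LiteralPath $MpCmdRun)) {
        throw "MpCmdRun.exe not found at $MpCmdRun"
    }

    # The two commands from Microsoft's instructions, in order.
    Invoke-MpCmdRun -Arguments '-RemoveDefinitions', '-DynamicSignatures'
    Invoke-MpCmdRun -Arguments '-SignatureUpdate'

    $after = Get-DefenderSignatureVersion
    Write-Host "Signature version after update: $after"

    if ($after -lt $FixedVersion) {
        Write-Warning "Still below $FixedVersion; the update source may be stale or blocked."
    }
}
```

If the version is already current and tor.exe is still missing, the file was most likely quarantined earlier and needs to be restored or reinstalled as described in the list above.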