Recent versions of Tor Browser were being incorrectly flagged as potential threats by Windows Defender, specifically because of the updated tor.exe file they contained.
Users were alerted to a possible trojan, which caused a stir in the community, but the detections were false positives.
TorBrowser has an update on this matter. After contacting Microsoft about the issue, TorBrowser received a definitive response.
Microsoft stated, "We've reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we've removed the detection."
For users who still see this false positive, Microsoft provided a clear set of instructions to update and clear any previous flags:
- Open the command prompt as an administrator.
- Navigate to c:\Program Files\Windows Defender.
- Run the command "MpCmdRun.exe -removedefinitions -dynamicsignatures".
- Follow it with "MpCmdRun.exe -SignatureUpdate".
For those who prefer manual updates, Microsoft has made the latest definitions available here.
Similar warnings were also spotted on VirusTotal, which relies on third-party security vendors to scan uploaded files.
Some users noted that a preliminary VirusTotal.com check might have prevented this oversight, expressing dismay that such a standard safety measure was apparently overlooked.
A frustrated user remarked, "It's concerning that a release made it to the public without a prior VirusTotal.com check. For an entire weekend, users were left grappling with doubts. Henceforth, every release should be paired with a VirusTotal review. This way, anyone downloading the software can personally ensure no virus detection flags it—at least not at the launch."
Responding to the criticisms, a representative from Tor highlighted some notable points.
- The tor.exe file in question from TorBrowser 12.5.6 isn't a new addition—it's byte-for-byte the same file used in the 12.5.5 version. Interestingly, no issues were reported when that version was launched. Some who found a workaround by downloading 12.5.5 likely downloaded the 32-bit variant, sidestepping the problem quite unintentionally.
- Presently, Tor doesn't have a standing procedure for uploading files to VirusTotal before release.
Microsoft Defender is no longer flagging Tor Browser
As of the latest signature database (version 1.397.1910.0), Windows Defender no longer flags tor.exe as a trojan.
If you found your Tor Browser non-functional recently, here's what you can do:
- Ensure your Windows Defender is updated.
- Either retrieve tor.exe from quarantine or,
- Redownload the TorBrowser directly from the Tor Project website.
And as a safety reminder, it is recommended to verify the signature before installation.
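The Defender steps above, scripted as an added example (not from Microsoft or the Tor Project): it runs the two MpCmdRun.exe commands quoted on this page, compares the resulting signature version with 1.397.1910.0, and lists any recorded detections that reference tor.exe. The Get-MpComputerStatus and Get-MpThreatDetection cmdlets and the -Restore -ListAll switch are not mentioned on the page; they are assumed to be available, as on current Windows installations with Defender.

```powershell
# Added example: run from an elevated PowerShell prompt on Windows.
# Path given in Microsoft's instructions quoted on this page.
$mpCmdRun = 'C:\Program Files\Windows Defender\MpCmdRun.exe'
# Signature database version the page names as no longer flagging tor.exe.
$fixedVersion = [version]'1.397.1910.0'

function Get-DefenderSignatureVersion {
    # Assumption: the Defender PowerShell module is present.
    # AntivirusSignatureVersion is a string such as "1.397.1910.0".
    [version](Get-MpComputerStatus).AntivirusSignatureVersion
}

function Invoke-MpCmdRun {
    param([string[]]$Arguments)
    & $mpCmdRun @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "MpCmdRun.exe $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

Write-Host "Signature version before: $(Get-DefenderSignatureVersion)"

# The two commands from Microsoft's instructions, in order.
Invoke-MpCmdRun -Arguments '-RemoveDefinitions', '-DynamicSignatures'
Invoke-MpCmdRun -Arguments '-SignatureUpdate'

$after = Get-DefenderSignatureVersion
if ($after -ge $fixedVersion) {
    Write-Host "Signature version $after is at or above $fixedVersion."
} else {
    Write-Warning "Signature version $after is below $fixedVersion; update again before restoring tor.exe."
}

# Show detections Defender recorded against a tor.exe path, so you know
# whether there is a quarantined copy to restore.
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match '\\tor\.exe' }

if ($hits) {
    $hits | Select-Object InitialDetectionTime, ThreatID, Resources | Format-List
    # List quarantined items only; restore after the version check passes.
    Invoke-MpCmdRun -Arguments '-Restore', '-ListAll'
} else {
    Write-Host 'No recorded detections reference tor.exe.'
}
```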