Recent versions of the TorBrowser, specifically because of the updated tor.exe file it contained, were being incorrectly flagged as potential threats by Windows Defender.
Users were
alerted to a possible trojan, causing a bit of a stir in the community, but this was a case of false positives.
TorBrowser has an update on this matter. After contacting Microsoft about the issue, TorBrowser
received a definitive response.
Microsoft stated, "We've reviewed the submitted files and have determined that they do not fit our definitions of malware or unwanted applications. As such, we've removed the detection."
For users who still see this false positive, Microsoft provided a clear set of instructions to update and clear any previous flags:
- Open the command prompt as an administrator.
- Navigate to c:\Program Files\Windows Defender.
- Run the command “MpCmdRun.exe -removedefinitions -dynamicsignatures”.
- Follow it with “MpCmdRun.exe -SignatureUpdate”.
For those who prefer manual updates, Microsoft has made the latest definitions available
here.
Similar warnings were also spotted in Virus Total, which relies on third-party security vendors to scan uploaded files.
Some users
noted that a preliminary VirusTotal.com check might have prevented this oversight, expressing dismay that such a standard safety measure was apparently overlooked.
A frustrated user remarked, "It's concerning that a release made it to the public without a prior VirusTotal.com check. For an entire weekend, users were left grappling with doubts. Henceforth, every release should be paired with a VirusTotal review. This way, anyone downloading the software can personally ensure no virus detection flags it—at least not at the launch."
