Serious Discussion Zen Browser (Firefox Fork) detected by Emsisoft

[Divine_Barakah]

Lately, I have been trying different browsers to see an alternative to the bloated Brave. Today I have stumbled upon Zen Browser . I have tried to installed it and instantly the BB of Emsisoft stepped in and reported suspicious behaviour then the Antimalware Network indicated that the detection is dangerous.



The weird thing, that detection, though quarantined by Emsisoft, did not reflect in my Incidents tab in the online management console. Any ideas why?

BTW, uploading the installer to VT indicated that it is detected by Avira.

 

[Bot]

The Emsisoft Behavior Blocker (BB) is designed to detect and stop suspicious activities, so it's doing its job correctly. As for the incident not showing in your online management console, it could be due to a delay in synchronization or possibly a bug. You may want to reach out to Emsisoft's customer service for a more precise answer. Regarding the detection by Avira, it's not uncommon for different antivirus programs to flag the same potential threats.

 

[SeriousHoax]

1. Not a popular app, latest version released only yesterday, unsigned.
2. Emsisoft's BB is the king of false positives. No way it's not going to react to something like this because of the points made on #1.

 

[Divine_Barakah]

1. Not a popular app, latest version released only yesterday, unsigned.
2. Emsisoft's BB is the king of false positives. No way it's not going to react to something like this because of the points made on #1.

THREAT
Detected object: zen.installer.exe
Category: Hidden Install
Detected by: Behaviour Blocker

REMMEDIATION
Action: Quarantined, Blocked by community

I know Emsisoft's BB is aggressive, but this time the Anti_malware Network determined that the installer has bad reputation. And as you can see in the log, "blocked by community"

 

[Divine_Barakah]

According to this reddit, Kaspersky detected it as "PDM:Trojan.Win32.Generic"

 

[bitsper2nd]

This firefox fork has been released for windows, mac and linux. No one from mac or linux has this problem. You most likely fell for a false positive.

 

[jamey910111]

According to this reddit, Kaspersky detected it as "PDM:Trojan.Win32.Generic"


View attachment 285099

This is interesting becakuse open tip kaspersky did not detect the installer as having any issues:

Nor it kaspersky open tip detect the exe as having issues.

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

I also scanned both the installer and portable versions with kaspersky on my systen it found no issues (although i never executed them).

On the other hand avast, f-secure and clamav found issues with the installer here:

zen.installer.exe - Jotti's malware scan

virusscan.jotti.org

Avast also finds the zen.exe as having bad rep

zen.exe - Jotti's malware scan

virusscan.jotti.org

 

[Divine_Barakah]

This is interesting becakuse open tip kaspersky did not detect the installer as having any issues:

Nor it kaspersky open tip detect the exe as having issues.

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

I also scanned both the installer and portable versions with kaspersky on my systen it found no issues (although i never executed them).

On the other hand avast, f-secure and clamav found issues with the installer here:

zen.installer.exe - Jotti's malware scan

virusscan.jotti.org

Avast also finds the zen.exe as having bad rep

zen.exe - Jotti's malware scan

virusscan.jotti.org

F-Secure is using Avira's engine and Zen Browser installer is already detected by Avira.

Honestly it seems wise to stick to popular browsers. I know it is costly to buy a certificate to sign the application (for a one-man show), but this does not promote trust and security. This is a browser that will host your whole online life, so one must choose a secure one.

 

[Jonny Quest]

Just thought I'd check it from my end.

 

[Divine_Barakah]

Just thought I'd check it from my end.

View attachment 285104

Yes this is a signature detection by Avira signatures. Maybe you can submit the installer to F-Secure to see if it is a FP? I have submitted it to Emsisoft, but I still have not received a reply.

 

[Jonny Quest]

Yes this is a signature detection by Avira signatures. Maybe you can submit the installer to F-Secure to see if it is a FP? I have submitted it to Emsisoft, but I still have not received a reply.

Good idea, I'll do that. F-Secure makes it easy in submitting samples (direct link to that webpage).



edit: Done. I'll get back to this thread when I find something out. I also included a description.

 

[Divine_Barakah]

Good idea, I'll do that. F-Secure makes it easy in submitting samples (direct link to that webpage).

View attachment 285105

edit: Done. I'll get back to this thread when I find something out. I also included a description.
View attachment 285106

Emsisoft, too, makes it easy to submit samples. You can do it from Quarantine, or through their website, or from the online dashboard.

 

[SpiderWeb]

I wouldn't trust that "browser".

 

[Divine_Barakah]

I wouldn't trust that "browser".

Well, honestly I was about to restore a clean system image just to make sure nothing was done to my system.

I will stay with Vivaldi (with multiple profiles) for now.

 

[jamey910111]

Well, honestly I was about to restore a clean system image just to make sure nothing was done to my system.

I will stay with Vivaldi (with multiple profiles) for now.

u mean due to zen or catsxp? Not a single primary antivirus found any issues with catsxp though to my knowledge. As far as i understand emsisoft is a secondary scanner tbh - and then there is such things as false positives. Regardless, of emsisoft, i don't know how helpful it is to base judgement on the result of a single antivirus, specially emsisof which others pointed out is super aggressie. But to each their own. If quality of catsxp degrades i will move on to debloated brave, I've always found it smoother and more stable than vivaldi. Sidekick seems dead, even if it's not i am moving on, even without this update it's been months - that's unacceptable.

 

[Divine_Barakah]

u mean due to zen or catsxp? Not a single primary antivirus found any issues with catsxp though to my knowledge. As far as i understand emsisoft is a secondary scanner tbh - and then there is such things as false positives. Regardless, of emsisoft, i don't know how helpful it is to base judgement on the result of a single antivirus, specially emsisof which others pointed out is super aggressie. But to each their own. If quality of catsxp degrades i will move on to debloated brave, I've always found it smoother and more stable than vivaldi. Sidekick seems dead, even if it's not i am moving on, even without this update it's been months - that's unacceptable.

Sorry I should have been clearer. I was talking about Zen browser not Catsxp.

BTW I have submitted both installers (Zen and Catsxp) to be reviewed by Emsisoft. Honestly I am not worried about Catsxp, but I am rather worried because of Zen which was also detected by Kaspersky system watcher.

Anyway, I do not see using a browser that is not digitally signed as a wise option. This is the reason why I don't use ungoogled chromium. And I do not see using a one-man-show browser as wise thing either.

I am happy with Vivaldi for now.

 

[Divine_Barakah]

This firefox fork has been released for windows, mac and linux. No one from mac or linux has this problem. You most likely fell for a false positive.

Some users on Reddit reported that it was blocked on Mac

 

[Digmor Crusher]

Why use these no- name browsers, I have serious doubts that any of them are better than Chrome, Firefox or Edge or patch security issues anywhere near as fast as the most popular browsers do.

 

[simmerskool]

Anyway, I do not see using a browser that is not digitally signed as a wise option.

IIRC Librewolf is not signed and I decided tweaking Firefox is enough & uninstalled Librewolf

 

[harlan4096]

This is interesting becakuse open tip kaspersky did not detect the installer as having any issues:

Nor it kaspersky open tip detect the exe as having issues.

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

I also scanned both the installer and portable versions with kaspersky on my systen it found no issues (although i never executed them).

K. OPENTIP does not detect anything there because that is a PDM (Proactive Defense Module) detection on execution from System Watcher.

Still, could be a false positive.