Serious Discussion Zen Browser (Firefox Fork) detected by Emsisoft

Divine_Barakah

Level 33
Thread author
Verified
Top Poster
Well-known
May 10, 2019
2,289
Lately, I have been trying different browsers to find an alternative to the bloated Brave. Today I stumbled upon Zen Browser. I tried to install it and instantly the BB of Emsisoft stepped in and reported suspicious behaviour, then the Anti-Malware Network indicated that the detection is dangerous.


The weird thing is that the detection, though quarantined by Emsisoft, was not reflected in my Incidents tab in the online management console. Any ideas why?

BTW, uploading the installer to VT indicated that it is detected by Avira.
 

Bot

AI-powered Bot
Apr 21, 2016
4,333
The Emsisoft Behavior Blocker (BB) is designed to detect and stop suspicious activities, so it's doing its job correctly. As for the incident not showing in your online management console, it could be due to a delay in synchronization or possibly a bug. You may want to reach out to Emsisoft's customer service for a more precise answer. Regarding the detection by Avira, it's not uncommon for different antivirus programs to flag the same potential threats.
 

Divine_Barakah

1. Not a popular app, latest version released only yesterday, unsigned.
2. Emsisoft's BB is the king of false positives. No way it's not going to react to something like this because of the points made on #1.

THREAT
Detected object: zen.installer.exe
Category: Hidden Install
Detected by: Behaviour Blocker

REMMEDIATION
Action: Quarantined, Blocked by community
I know Emsisoft's BB is aggressive, but this time the Anti-Malware Network determined that the installer has a bad reputation. And as you can see in the log, "blocked by community".
 

bitsper2nd

Level 1
Aug 15, 2024
14
This Firefox fork has been released for Windows, Mac and Linux. No one from Mac or Linux has this problem. You most likely fell for a false positive.
 

jamey910111

Level 2
Jun 7, 2024
90
According to this reddit, Kaspersky detected it as "PDM:Trojan.Win32.Generic"



This is interesting because Kaspersky OpenTIP did not detect the installer as having any issues:

Nor did Kaspersky OpenTIP detect the exe as having issues.


I also scanned both the installer and portable versions with Kaspersky on my system; it found no issues (although I never executed them).

On the other hand, Avast, F-Secure and ClamAV found issues with the installer here:


Avast also finds the zen.exe as having bad rep.

 

Divine_Barakah

This is interesting because Kaspersky OpenTIP did not detect the installer as having any issues:

Nor did Kaspersky OpenTIP detect the exe as having issues.


I also scanned both the installer and portable versions with Kaspersky on my system; it found no issues (although I never executed them).

On the other hand, Avast, F-Secure and ClamAV found issues with the installer here:


Avast also finds the zen.exe as having bad rep.

F-Secure is using Avira's engine and Zen Browser installer is already detected by Avira.

Honestly it seems wise to stick to popular browsers. I know it is costly to buy a certificate to sign the application (for a one-man show), but this does not promote trust and security. This is a browser that will host your whole online life, so one must choose a secure one.
 

Jonny Quest

Level 21
Verified
Top Poster
Well-known
Mar 2, 2023
1,088
Yes this is a signature detection by Avira signatures. Maybe you can submit the installer to F-Secure to see if it is a FP? I have submitted it to Emsisoft, but I still have not received a reply.

Good idea, I'll do that. F-Secure makes it easy in submitting samples (direct link to that webpage).


edit: Done. I'll get back to this thread when I find something out. I also included a description.

Divine_Barakah

Good idea, I'll do that. F-Secure makes it easy in submitting samples (direct link to that webpage).


edit: Done. I'll get back to this thread when I find something out. I also included a description.
Emsisoft, too, makes it easy to submit samples. You can do it from Quarantine, or through their website, or from the online dashboard.
 

jamey910111

Well, honestly I was about to restore a clean system image just to make sure nothing was done to my system.

I will stay with Vivaldi (with multiple profiles) for now.
You mean due to Zen or Catsxp? Not a single primary antivirus found any issues with Catsxp though, to my knowledge. As far as I understand, Emsisoft is a secondary scanner tbh - and then there are such things as false positives. Regardless of Emsisoft, I don't know how helpful it is to base judgement on the result of a single antivirus, especially Emsisoft, which others pointed out is super aggressive. But to each their own. If the quality of Catsxp degrades I will move on to debloated Brave; I've always found it smoother and more stable than Vivaldi. Sidekick seems dead; even if it's not I am moving on, even without this update it's been months - that's unacceptable.
 

Divine_Barakah

You mean due to Zen or Catsxp? Not a single primary antivirus found any issues with Catsxp though, to my knowledge. As far as I understand, Emsisoft is a secondary scanner tbh - and then there are such things as false positives. Regardless of Emsisoft, I don't know how helpful it is to base judgement on the result of a single antivirus, especially Emsisoft, which others pointed out is super aggressive. But to each their own. If the quality of Catsxp degrades I will move on to debloated Brave; I've always found it smoother and more stable than Vivaldi. Sidekick seems dead; even if it's not I am moving on, even without this update it's been months - that's unacceptable.
Sorry I should have been clearer. I was talking about Zen browser not Catsxp.

BTW I have submitted both installers (Zen and Catsxp) to be reviewed by Emsisoft. Honestly I am not worried about Catsxp, but I am rather worried because of Zen, which was also detected by Kaspersky System Watcher.

Anyway, I do not see using a browser that is not digitally signed as a wise option. This is the reason why I don't use ungoogled chromium. And I do not see using a one-man-show browser as a wise thing either.

I am happy with Vivaldi for now.
 

harlan4096

Super Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,905
This is interesting because Kaspersky OpenTIP did not detect the installer as having any issues:

Nor did Kaspersky OpenTIP detect the exe as having issues.


I also scanned both the installer and portable versions with Kaspersky on my system; it found no issues (although I never executed them).

K. OPENTIP does not detect anything there because that is a PDM (Proactive Defense Module) detection on execution from System Watcher.

Still, could be a false positive.
 
