A few hours ago, the Tor browser received a security update that closed a vulnerability. Now Microsoft Defender, in the form of Windows Security, triggers an alert when the Tor browser is launched and quarantines the tor.exe file. It warns about a "Trojan:Win32/Malgent!MTB".
Patrick alerted me to this via email (thanks for that) and wrote that "tor.exe" (Tor Browser) is detected by Microsoft's Windows Security today, 2023-09-30, as "Trojan:Win32/Malgent!MTB". He uses the following version:
Tor Browser 12.5.5
File: tor.exe (7.804.416 Bytes)
I immediately checked my Tor installation on a German Windows 10 system and indeed got an alert via toast notification (see above), and Windows Security showed the following display.
Patrick then uploaded the file to VirusTotal and writes that currently 3 virus scanners detect a Trojan. When I opened the VirusTotal page in question, there were already four scanners that flagged it.
The versions of the Windows virus signatures at the time of the scans were: 1.397.1801.0 and 1.397.1814.0 (2023-09-30 06:13).
Patrick then downloaded the archive again from www.torproject.org and also checked the PGP signatures. The file "tor.exe" has the same SHA-256 checksum, and with the updated virus signatures Windows 10 still shows the security message, rated as "severe". The analysis page at VirusTotal for the uploaded tor.exe file kept updating today, Patrick writes.
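The checks Patrick describes (signature version, checksum comparison against a freshly verified download, and the Defender verdict) can be collected in one pass. The following PowerShell sketch is an added example, not part of the original post; both file paths are placeholders, and the reference copy is assumed to come from an archive whose PGP signature was already verified.

```powershell
# Added example: triage of a suspected Microsoft Defender false positive.
# Both default paths are placeholders (assumptions), not values from the article.
param(
    [string]$FlaggedFile   = 'C:\Temp\flagged\tor.exe',   # copy that raised the alert
    [string]$ReferenceFile = 'C:\Temp\verified\tor.exe'   # copy from a signature-verified download
)

# 1. Record which signature set produced the verdict, so results stay comparable
#    after the next definition update.
$status = Get-MpComputerStatus

# 2. Hash both copies. Defender may already have quarantined or locked a file,
#    so a failed read is reported instead of aborting the script.
function Get-Sha256OrNull([string]$Path) {
    try   { (Get-FileHash -Path $Path -Algorithm SHA256 -ErrorAction Stop).Hash }
    catch { Write-Warning "Cannot read ${Path}: $($_.Exception.Message)"; $null }
}
$flaggedHash   = Get-Sha256OrNull $FlaggedFile
$referenceHash = Get-Sha256OrNull $ReferenceFile

# 3. Pull Defender's own detection records that name this file.
$leaf = [regex]::Escape((Split-Path $FlaggedFile -Leaf))
$detections = Get-MpThreatDetection |
    Where-Object { $_.Resources -match $leaf } |
    ForEach-Object {
        $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Detected  = $_.InitialDetectionTime
            Threat    = $threat.ThreatName
            Resources = $_.Resources -join '; '
        }
    }

# 4. Summary. Identical hashes mean the flagged binary is byte-for-byte the
#    published one, so the verdict concerns the release itself, not local tampering.
[pscustomobject]@{
    SignatureVersion = $status.AntivirusSignatureVersion
    SignatureUpdated = $status.AntivirusSignatureLastUpdated
    FlaggedSha256    = $flaggedHash
    ReferenceSha256  = $referenceHash
    SameAsReference  = ($null -ne $flaggedHash) -and ($flaggedHash -eq $referenceHash)
    Detections       = $detections
} | Format-List
```

A hash mismatch between the two copies is the result that needs follow-up before anything is restored from quarantine.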
Blog reader Stefan also just got in touch by mail and writes:
Just updated Tor Browser and Windows Defender detects Tor.exe as a trojan and quarantines it. I suspect a false positive.
He also gave me a link to reddit.com, where a user comment on this can be found. Other users confirm this observation. This means that a lot of people currently cannot run the Tor Bundle, or have to define an exception if it is a false positive.
There is a second reddit.com post on the subject where someone wrote that re-downloading and installing the Tor bundle stopped the false alarm for them. My attempt to reinstall Tor from an old installer did work, and Tor started again. However, after the auto-update, Defender again triggered an alert and moved tor.exe to quarantine. For now I will pause Tor until the issue is resolved.