Yes, there is a problem with tor.exe (0.4.7.15) - Microsoft has flagged this as a Trojan (Win32/Malgent!MTB) and is mercilessly removing tor from both the service and the browser on their Windows systems.
You’ve got a platform antivirus program removing a needed part to run Tor. I think it is in the project’s interest to get Microsoft to fix this if this truly isn’t a trojan. Otherwise, most Windows users wouldn’t want to (or even can’t) be running this version. The things that people do to get Tor to run now are to 1) reinstall the previous version and pause on update (maybe a dangerous activity for most people in itself) and 2) use Tor.exe from the previous release.
This could be a false positive, but it does affect most Windows users. OTOH, if this is a true positive, nobody can evaluate it better than the project and Microsoft. 3CX supply-chain attack started off this way too.
Same problem as above, after upgrading to 12.5.6, Windows 10 Defender reported a “Trojan:Win32/Malgent!MTB” on “…Tor Browser\Browser\TorBrowser\Tor\tor.exe”.
For now, I replaced the tor.exe with an older version of the exe file, but the Tor Project should avoid such problems because novice users will likely panic because of such a message (namely a Virus threat, especially when it is a false positive) which cannot be fixed by “normal” means.
I’m not sure what heuristics Windows Defender uses to determine a “Trojan:Win32/Malgent!MTB” but running an upgrade and being greeted with such a threat message isn’t helpful for either the project or the user.
I’m assuming that the 12.5.6 release doesn’t contain a Trojan:Win32/Malgent!MTB but an official verification about the non-existence would be much appreciated.
Looks like there will be Tor Browser 12.5.7 soon enough because they have discovered yet another vulnerability in libvpx (CVE-2023-44488). Looking at the commit log for libvpx, it’s an absolute minefield. I wonder if TB should just set “media.mediasource.vp9.enabled” to false for the time being.
The most effective thing is: send the binary to the manufacturer of the antivirus software and write that it is recognized incorrectly.
This is how I do it with preinstalled Avast shit on my Android phone.
As far as I understand, Tor Browser 13.0 is scheduled to be released today, but there has not been a Firefox release with the fix for CVE-2023-44488 yet. In fact, it hasn’t been cherry-picked to their repository either (they don’t seem to use the stock libvpx version). I’m kind of confused here; Firefox devs are usually very fast at fixing things. Maybe Firefox is not affected due to its specific usage of libvpx? Who knows, all of the bug reports are private/restricted.
We had some last-minute fixes for which we decided to push the 13.0 release by a few days.
We want to publish before Firefox 115.4.0 for sure.
We haven’t heard of scheduled releases from Mozilla, yet. So, 12.5.7 is not scheduled on our side either.
From what I know, earlier fixes weren’t used against Firefox, but only against “other products” (from what Mozilla’s advisories say).