I had used Tor Browser on Windows before. All was great. But right now something weird seems to be happening: Windows just keeps deleting the Tor.exe executable file and labels it as Severe. Don’t tell me it’s a false positive detection, ’cause it’s not.
Here I am attaching a screenshot of the detections.
Windows 11 Pro.
Last version: 10.0.22622 Build 22622
x64-based
Don’t tell me it’s a false positive detection, ’cause it’s not.
I will tell you it’s a false positive, because as far as I can tell, it is one. I rebuilt that binary from source (which can be done by using this tool), and got the exact same file as in the release.
Now if you are uncomfortable with telling Windows Defender to ignore that file, you can download TorBrowser 32bit from this page, it should work on both Windows 32 and 64 bits, and doesn’t appear to bother Windows Defender.
Well, thanks. I have just tested what you recommended, but naaah, the same detection. Things do not add up!
Can I ask you what that detection is and what is causing it? I’ve been using Tor for the last 5 years. Never something like this. I need a based answer if possible, not theory.
Can you confirm you downloaded a file named torbrowser-install-12.5.6_ALL.exe, and not torbrowser-install-win64-12.5.6_ALL.exe? You would be the first one to report an issue with the 32-bit version, and according to VirusTotal, Windows Defender sees nothing wrong with it either.
Can I ask you what that detection is and what is causing it?
Antiviruses are black boxes, I don’t know why one would like something and not like something else.
I’ve been using Tor for the last 5 years. Never something like this.
This used to be a frequent occurrence in the past, so much so that this support page had to be created.
The usual reason was that some virus would use tor to connect to its C&C server, so antivirus vendors would see that binary (tor.exe) as part of the virus, and therefore flag and delete it. This looks very much like these past occurrences to me, but again, AVs are black boxes; short of having a statement from someone at Microsoft, we don’t know why it gets flagged.
Tor PoW is using Equi-X. That is the Equihash PoW algorithm using HashX as the underlying hash function. HashX is derived from the RandomX hash function used in Monero’s Hashcash PoW algorithm. Tor PoW is also being developed by the same user, tevador.
OK, then my assumption can’t be correct (yet).
I’m not very familiar with the Tor browser versions, as a relay operator I usually only have c-tor in view.
This event has gone to show that some AVs respond oversensitively, so following every detection would also lead to lots of unnecessary removals. Plus, the vast majority of Tor enthusiasts are likely to recommend Linux variant operating systems, most of which come with no AV or are incompatible with many AV clients. I’ve seen screenshots from malware control interfaces where the infection even lists what type of AV the user has installed, meaning plenty of off-the-shelf skidware is capable of completely bypassing virus detection and adding backdoors for remote access at later points.
I’m not even sure I get what this post is actually saying, or maybe it was not addressed to my post at all.
Are you saying that most Tor enthusiasts are Linux users or recommend an OS without an AV, like Linux? Define enthusiasts.
I checked and from support torproject org “The most used desktop operating systems are Windows, macOS and Linux. Android and iOS are the dominant mobile operating systems”
This can be just a statement of fact only and unrelated to Tor.
From truelist co /blog/tor-stats/ point 14
There were 60000 daily downloads of Tor on average on Windows between March and June 2021, while macOS and Linux had fewer than 20000 per day each for the same period. I imagine today’s stats would be similar. They get this from Tor Metrics, whatever that is.
Agreed, skidware is capable of bypassing virus detection. They test for the most popular ones.