Brave-browser: tor-0.3.5.8-win32-brave-1 blocked by WindowsDefender - Trojan:Win32/Skeeyah!MTB

Created on 5 Mar 2020  ·  12 Comments  ·  Source: brave/brave-browser

Description
WD blocks the tor-0.3.5.8-win32-brave-1 file and the Tor network

Steps to Reproduce

  1. Download and install Release Channel v1.4.96, BraveBrowserStandaloneSetup.exe from GitHub
  2. Open Brave
  3. Open Tor Private Window

Actual result:
Windows Defender blocks the file and the Tor network: C:\Users\USER\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.9\tor-0.3.5.8-win32-brave-1

Expected result:
Navigate Tor network

Reproduces how often:
?

Brave version (brave://version info)
Release Channel v1.4.96

Version/Channel Information:
Did not try other channels

Miscellaneous Information:

Windows 10 - 1909
https://www.virustotal.com/gui/file/e6cca452474b22bb1a8c45ffe6a1f77ce517fed964d18cd69eb019f411aed6d4/detection

All 12 comments

Same behavior for Beta 1.5.108, Dev 1.6.58, and Nightly 1.7.44 in Windows 10 OS Version 1909 (Build 18363.657).

cc: @jumde for triage

For now, is it OK to restore this file from Windows Defender?

We submitted this file for analysis. Here is the response from Windows Defender team:

Analyst comments:

We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
2. Run "MpCmdRun.exe -removedefinitions -dynamicsignatures"
3. Run "MpCmdRun.exe -SignatureUpdate"

Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
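
The check-then-refresh sequence from the comments above, written out as an added PowerShell example (it is not code from the Brave or Microsoft replies). It assumes the SHA-256 in the issue's VirusTotal link identifies the flagged file and that the reported path sits under the current user's profile.

```powershell
# Added example, not from the issue thread. Run from an elevated PowerShell prompt.
param(
    # Path as reported in the issue, relative to the current user's profile.
    [string]$TorPath = (Join-Path $env:LOCALAPPDATA 'BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.9\tor-0.3.5.8-win32-brave-1'),
    # Assumption: the hash in the issue's VirusTotal link is this file's SHA-256.
    [string]$ExpectedSha256 = 'e6cca452474b22bb1a8c45ffe6a1f77ce517fed964d18cd69eb019f411aed6d4'
)

$mpCmdRun = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# 1. If the file is on disk (restored or re-downloaded), confirm it matches the
#    hash in the issue's VirusTotal link before trusting it.
if (Test-Path -LiteralPath $TorPath) {
    $actual = (Get-FileHash -LiteralPath $TorPath -Algorithm SHA256).Hash
    if ($actual -ine $ExpectedSha256) {
        throw "Hash mismatch for $TorPath : $actual"
    }
    Write-Host "Hash matches the reported sample: $actual"
} else {
    Write-Warning "File not on disk (likely still quarantined): $TorPath"
}

# 2. The analyst's steps: drop cached dynamic signatures, then pull new definitions.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
& $mpCmdRun -SignatureUpdate
$status = Get-MpComputerStatus
Write-Host "Definitions: $($status.AntivirusSignatureVersion), updated $($status.AntivirusSignatureLastUpdated)"

# 3. List Defender detections that reference the Tor component. Entries older
#    than the definition update are history; newer ones mean it is still flagged.
$hits = Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape('tor-0.3.5.8-win32-brave-1') }
foreach ($hit in $hits) {
    $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Threat     = $threat.ThreatName
        Detected   = $hit.InitialDetectionTime
        StillFlags = $hit.InitialDetectionTime -gt $status.AntivirusSignatureLastUpdated
    }
}
```

If the hash check throws, the file on disk is not the one referenced in the issue, so leave it quarantined rather than restoring it.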

@pat-san @eDave56 @T-Nawaz - Please let me know if you're still seeing this with the updated v1.0.10. Thank you!

LGTM
thank you jumde!

@jumde I am not facing any more problems after the update.

Awesome! 👍

> @pat-san @eDave56 @T-Nawaz - Please let me know if you're still seeing this with the updated v1.0.10. Thank you!

Seems to be working so far with Signatures and Tor component updates.

FYI, Version 1.7.98 Chromium: 81.0.4044.113 (Official Build) (64-bit) has the same problem as well.

Hi @Sarafian, Can you navigate to brave://components/ and check if you are using tor client 1.0.11?

> Hi @Sarafian, Can you navigate to brave://components/ and check if you are using tor client 1.0.11?

Yes @jumde

Brave Tor Client Updater (Windows) - Version: 1.0.11
Status - Up-to-date

Anyhow, the issue got resolved after a restart of the Windows 10 operating system.

For the history, I'll put the version here and I'll mention that on the slow inner ring.

Version 2004 (OS Build 19041.208)
