A file in my Cache is getting flagged as a Trojan

Description of the issue:

After a Windows 11 update that came out a few days ago, Windows Defender is flagging a file in the Brave Cache as a trojan. But upon deleting my cache, the issue is resolved again.

How can this issue be reproduced?

  1. Let Brave run for a little while.
  2. Check the BraveSoftware folder on your device with Windows Defender.

Expected result:

A random file from the Cache that starts with the letter F and six digits (example: f_000038) gets flagged as malware.

Brave Version (check About Brave):


Version 1.73.101 Chromium: 131.0.6778.139 (Offizieller Build) (64-Bit)

@Amir3.0 have you run full scans on your device? Double check to make sure you’re using legitimate extensions?

Keep in mind just because a trojan ends up somewhere doesn’t mean that it’s the origin. Trojan viruses are ones that disguise themselves as helpful files or programs. They often get there through other types of malware that you install. So even when you remove something like a cache, if it didn’t get rid of the original offender, then it will reappear.

1 Like

@Saoiray
I do full system checks, and the only thing getting flagged are files in the cache folder.

I should also add that after activating a setting that deletes the cache upon closing Brave and doing multiple checks, nothing got found.

Edit: I also only have two extensions active, but I got them from the Google Store. I even uninstalled Brave and the extensions twice.

Edit 2: I did a few scans with Malwarebytes as well, and that didn’t find anything at all.

Hi, I have had the exact same thing happen. Also updated to the latest Windows 11 version as of 2 hours ago. I vet my extensions very well and block ads. I scan my entire drive daily. I didn’t delete the cache and let Windows Defender/Win 11 antivirus quarantine it and remove it. I am currently doing a secondary full scan (with rootkit scan option on) with Malwarebytes. See the screenshot for more info.

Edit: Yes, official Brave from the official website, from two (? ish) years ago, always updated to the latest version as soon as available. My Malwarebytes is still busy with the secondary scan, will update with result.

Edit 2: Malwarebytes came back clean, but Defender obviously got rid of the file, so if malware, it’s left no detectable traces being picked up by def and mwb.

Did you open the Twitch site before? If yes… this is just a false detection by Windows Defender.

UPDATE

After testing the theory of @NoUsernamehehe I did five full system scans. The first one I did immediately after starting my PC at 12:20, which was negative. The second one was after letting Brave run for 20 minutes, which was negative again. The third one was right after opening Twitch, which was positive, at 13:18. The final two were right after cleaning up the cache and one hour after that, at 14:23.
This proves this theory correct. Something about the cache created when starting Twitch triggers this detection.

Edit was due to adding more screenshots.

I have also checked the Brave folder itself, and it was also fine.

That’s weird, but at least if it’s not appearing at any other time, it tells you the issue is kind of coming from Twitch or something. But really is strange. And you would think other people would be having the issue if it just was from Twitch. Not sure if it’s a false positive, if you have something else working in conjunction, or what?

I’m going to tag in @Mattches to see if he has any guidance to give you.

1 Like

Besides Defender, and Brave obviously, I had nothing else running.

Also thank you for the tag and the support 👍

Update 2

I tried opening Twitch with Microsoft Edge just now, and guess what. It happened again.

This pretty much proves that it’s either a problem with Defender or Twitch, and that this is browser-independent. I am gonna edit this once I un- and reinstall Defender.

2 Likes

Thank you for updating. Going to leave this thread open for now in case you find out any information about what caused the issue that might be helpful for other users.

1 Like

@Mattches
Edit: I had to edit this reply twice because of my findings.
First up, thank you for the fast reply!
I just fully reset Defender, and now it’s not an issue anymore.
This is a check of the BraveSoftware folder, with Twitch running in the background.

And this is a full system check.

Both came back negative after doing a full reset.

Edit: I did another scan just now, and it’s positive again. Looks like resetting Defender doesn’t solve things after all.

Edit 2: Yeah, the problem isn’t with Defender, it seems. I did another full reset, and I still get a positive.
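
One way to triage the flagged cache entries discussed in this thread, as an added example that is not part of any post: it lists the `f_` files in a cache folder with their SHA-256, size, modification time and a coarse type guess, so a detection can be matched to when a site was opened and the hash submitted to the antivirus vendor for false-positive review. The hexadecimal name pattern, the `triage` and `sniff` names and the magic-byte table are assumptions of this example.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone
from pathlib import Path

# Name pattern for the flagged files; the thread's example is f_000038.
# Assumption: the six characters after "f_" are hexadecimal.
CACHE_NAME = re.compile(r"^f_[0-9a-f]{6}$")

# Leading bytes of a few common formats (deliberately small table).
MAGIC = [
    (b"MZ", "windows-executable"),
    (b"PK\x03\x04", "zip"),
    (b"\x1f\x8b", "gzip"),
    (b"\x00asm", "wasm"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

def sniff(head: bytes) -> str:
    """Classify a file by its first bytes; printable ASCII counts as text."""
    for prefix, label in MAGIC:
        if head.startswith(prefix):
            return label
    if head and all(32 <= b < 127 or b in (9, 10, 13) for b in head):
        return "text"
    return "unknown"

def triage(cache_dir, since=None):
    """List f_XXXXXX files modified at or after `since` (aware datetime)."""
    rows = []
    for path in sorted(Path(cache_dir).iterdir()):
        if not (path.is_file() and CACHE_NAME.match(path.name)):
            continue
        try:
            modified = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
            if since is not None and modified < since:
                continue
            data = path.read_bytes()
        except OSError as exc:  # e.g. the scanner locked or quarantined the file
            rows.append({"name": path.name, "error": type(exc).__name__})
            continue
        rows.append({"name": path.name, "size": len(data), "kind": sniff(data[:16]),
                     "sha256": hashlib.sha256(data).hexdigest(),
                     "modified": modified.isoformat()})
    return rows

if __name__ == "__main__":
    print(*triage(sys.argv[1]), sep="\n")
```

Run it against the cache folder before the next scan; a file the scanner has already locked or removed shows up with an `error` field instead of a hash.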