Fortinet is identifying Brave Files as Malware


Description of the issue:

Fortinet is identifying the following files as malware. I think these alerts are false positives. I’ve opened a ticket with Fortinet, but since the files are temporary they are deleted right away. One file was quarantined and I have the hash for that file. Can someone verify if this is a false positive and work with Fortinet to have the files reclassified? This issue started at the beginning of February.

Malware:PossibleThreat.MU found in C:\Users\xxxx\AppData\Local\Temp\chrome_BITS_10684_1726015827\extension_1_0_8.crx by realtime scan. Denied access to the file.

Malware:PossibleThreat.MU found in C:\Users\xxxx\AppData\Local\Temp\chrome_url_fetcher_53056_648473232\extension_1_0_8.crx by realtime scan. Attempt to quarantine file failed.

Malware:PossibleThreat.MU found in C:\Users\xxxx\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.8\tor-0.3.5.8-win32-brave-0 by realtime scan. The file was quaran

Malware:PossibleThreat.MU found in C:\Users\xxxx\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.7\tor-0.3.5.8-win32-brave-0 by realtime scan. Denied access to the

How can this issue be reproduced?

Expected result:

Brave Version (check About Brave):
Version 1.2.43 Chromium: 79.0.3945.130 (Official Build) (64-bit)
Additional Information:

@markka,
Thank you for bringing this to our attention. It most certainly is a false positive and I’ll be reaching out to Fortinet today to see what we can do to get this resolved as soon as possible.

Excellent! Thanks for your help.

I’m having exactly the same problem. It’s super annoying.

Yep, I just started getting the same issue on Kaspersky as of today after updating to the latest definitions database and running a full scan.

I don’t know if it’s related to Fortinet.

Weird as it sounds, COMODO Killswitch registers tor-0.3.5.8-win32-brave-0 contained inside Brave-Browser-Nightly\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.8 as unknown and untrusted.

Will be throwing this file into my sandbox to test.
