Description of the issue:
Norton Security Antivirus will flag the latest tor executable in Brave 1.4.95 as a trojan horse virus. It will delete it too. However, tor still works inside Brave.
How can this issue be reproduced?
Update to the latest version of Brave
Have Norton Security AV
Norton will delete the file telling the user it was removed because it contained a Trojan Horse.
Expected result:
The executable should not be flagged as a virus (unless it is?)
Brave Version (check About Brave):
1.4.95
Additional Information:
This is the report from Norton:
Filename: tor-0.3.5.8-win32-brave-1
Threat name: Trojan Horse
Full Path: C:\Users\jedi\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.9\tor-0.3.5.8-win32-brave-1
____________________________
____________________________
On computers as of
03/03/2020 at 17:55:36
Last Used
03/03/2020 at 17:57:38
Startup Item
No
Launched
No
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
tor-0.3.5.8-win32-brave-1 Threat name: Trojan Horse
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
____________________________
Source: External Media
Source File:
tor-0.3.5.8-win32-brave-1
____________________________
File Actions
File: C:\Users\jedi\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb\1.0.9\ tor-0.3.5.8-win32-brave-1 Removed
____________________________
File Thumbprint - SHA:
e6cca452474b22bb1a8c45ffe6a1f77ce517fed964d18cd69eb019f411aed6d4
File Thumbprint - MD5:
6a548814813319e6a43ec0786208eb4e
I can confirm the above problem. Just had exactly the same report today (March 4th 2020) from my Norton Internet Security, version 22.20.1.69. That is: tor-0.3.5.8-win32-brave-1 flagged as Trojan and removed.
I had a user report this to my office yesterday. I told the guy it was just a false positive, but left it as it is for now in case I need to restore the file from quarantine.
Likewise, Symantec on my work laptop is flagging this file and I can’t open Brave, which more importantly means I can’t get my bookmarks, really causing issues because I depend on a lot of those links.
It’s being flagged as a PUA, potentially unwanted application, for the most part and anything else is a false positive and probably needs a signature update for the checker: