bentham
-
Posts
16 -
Joined
-
Last visited
-
Days Won
1
Posts posted by bentham
-
-
-
35 minutes ago, John999 said:
I updated TorBrowser via the internal updater so I cannot explain why it shows that TorBrowser is updated, it says version 13.0.5 and, still tor.exe that I find in C:\......\Tor Browser\Browser\TorBrowser\Tor is 13.0.4
Yes I had the same problem and had to extract the updated tor.exe from the installer - I guess the torbrowser devs are having problems.
-
On 11/24/2023 at 10:27 AM, John999 said:
Unfortunately the problem with tor.exe detected as suspicious and moved into Quarantine has "reappeared" with version 13.0.5
Can someone investigate?I'm not getting the issue after copying the updated file. It might be worth checking which version of tor.exe you have in case it didn't get updated (as in my post above).
Sizes of different versions (based on tor browser version):
- v13.0.1 - 8,543,744 bytes
- v13.0.4 - 7,926,784 bytes (marked "suspicious")
- v13.0.5 - 8,547,840 bytes
-
1 hour ago, John999 said:
The problem has disappeared with newer version 13.0.5
Many thanks for the heads up. After updating to 13.0.5, I can't work out if the update left my 13.0.1 tor.exe alone or reverted to it as it is still the same binary file.
EDIT - ok I downloaded the 13.0.5 installer and extracted tor.exe and it was a different file - not sure why the browser update process didn't fix this. Anyway the new tor.exe does fix the issue like you said so maybe there was something "suspicious" about the 13.0.4 release.
-
For anyone else having this issue - tor.exe from the previous version (13.0.1) works for now until this is resolved.
-
Yes, it is completely green (0 detections) in virustotal. If I check file reputation with ESET, the reputation bar is grey (no apparent bar) and the number of users is orange - approx 30% bar.
-
tor.exe from tor browser 13.0.4 is being blocked by live grid as "suspicious"
-
Many thanks to ESET for being one of the few AV vendors who were unaffected by this update
-
-
I renamed eguiActivation.dll as suggested but it did not change the issue I posted above (main window appearing when checking file reputation). I haven't been getting the main window pop up with updates, so someone else will need to post whether this was fixed or not.
-
I think ESET have made a move to not have egui permanently running in the background, meaning that when the app wishes to report something, it temporarily starts up egui to do so. It appears that in most cases this also brings up the "you are protected" main window in the process. I am finding other odd little effects as a result, eg if I right click a file to "check file reputation", just the reputation box used to appear, but now the egui window opens also.
-
Just a quick update, I uninstalled ESET and re-downloaded the installer (which was slightly bigger than the one I already had, despite being the same version!).
After reinstalling, the file reputation is now working correctly, so thanks Janus for the suggestion
-
Thanks for the reply, I haven't got round to reinstalling yet. Yes I can see what you say makes sense, however I haven't managed to find any files that show the information. I have tried standard windows files and common update files etc. The image above was using a common java update file.
-
Many thanks for the reply, I'll try reinstalling as you suggested when I have the time to spare. I was hoping for a more quick solution if possible in the meanwhile.
-
I am using ESET smart security (latest version) and I cannot get the file reputation window to display properly (right-click file > advanced options > check file reputation using eset live grid), the 3 risk-level columns always remain empty (see attached image). The similar window in the gui tools for running processes works fine. Is there an easy way to fix this? Thanks in advance.
latest tor browser issue with live grid
in Malware Finding and Cleaning
Posted
I did this and the file is different (8,548,352 bytes). Either tor have fixed the issue in the downloadable version or something is up with their updater. If it's the latter, that might explain FlorinTarta's issue above.