bentham 5 Posted November 22, 2023 Share Posted November 22, 2023 tor.exe from tor browser 13.0.4 is being blocked by live grid as "suspicious" Link to comment Share on other sites More sharing options...
itman 1,746 Posted November 23, 2023 Share Posted November 23, 2023 Did you check tor.exe at VirusTotal? Link to comment Share on other sites More sharing options...
bentham 5 Posted November 23, 2023 Author Share Posted November 23, 2023 Yes, it is completely green (0 detections) in virustotal. If I check file reputation with ESET, the reputation bar is grey (no apparent bar) and the number of users is orange - approx 30% bar. Link to comment Share on other sites More sharing options...
bentham 5 Posted November 23, 2023 Author Share Posted November 23, 2023 For anyone else having this issue - tor.exe from the previous version (13.0.1) works for now until this is resolved. Link to comment Share on other sites More sharing options...
Solution John Dow 5 Posted November 23, 2023 Solution Share Posted November 23, 2023 The problem has disappeared with newer version 13.0.5 bentham 1 Link to comment Share on other sites More sharing options...
bentham 5 Posted November 23, 2023 Author Share Posted November 23, 2023 (edited) 1 hour ago, John999 said: The problem has disappeared with newer version 13.0.5 Many thanks for the heads up. After updating to 13.0.5, I can't work out if the update left my 13.0.1 tor.exe alone or reverted to it as it is still the same binary file. EDIT - ok I downloaded the 13.0.5 installer and extracted tor.exe and it was a different file - not sure why the browser update process didn't fix this. Anyway the new tor.exe does fix the issue like you said so maybe there was something "suspicious" about the 13.0.4 release. Edited November 23, 2023 by bentham John Dow 1 Link to comment Share on other sites More sharing options...
John Dow 5 Posted November 24, 2023 Share Posted November 24, 2023 Unfortunately the problem with tor.exe detected as suspicious and moved into Quarantine has "reappeared" with version 13.0.5 Can someone investigate? Link to comment Share on other sites More sharing options...
bentham 5 Posted November 25, 2023 Author Share Posted November 25, 2023 On 11/24/2023 at 10:27 AM, John999 said: Unfortunately the problem with tor.exe detected as suspicious and moved into Quarantine has "reappeared" with version 13.0.5 Can someone investigate? I'm not getting the issue after copying the updated file. It might be worth checking which version of tor.exe you have in case it didn't get updated (as in my post above). Sizes of different versions (based on tor browser version): v13.0.1 - 8,543,744 bytes v13.0.4 - 7,926,784 bytes (marked "suspicious") v13.0.5 - 8,547,840 bytes John Dow 1 Link to comment Share on other sites More sharing options...
John Dow 5 Posted November 25, 2023 Share Posted November 25, 2023 (edited) v13.0.4 - 7,926,784 bytes (marked "suspicious") But I updated TorBrowser via the internal updater so I cannot explain why it shows that TorBrowser is updated, it says version 13.0.5 and, still tor.exe that I find in C:\......\Tor Browser\Browser\TorBrowser\Tor is 13.0.4 PS Updated using the proper installer in https://dist.torproject.org/torbrowser/13.0.5/ It seems OK now Let's cross fingers. Edited November 25, 2023 by John999 added PS Link to comment Share on other sites More sharing options...
bentham 5 Posted November 25, 2023 Author Share Posted November 25, 2023 (edited) 35 minutes ago, John999 said: I updated TorBrowser via the internal updater so I cannot explain why it shows that TorBrowser is updated, it says version 13.0.5 and, still tor.exe that I find in C:\......\Tor Browser\Browser\TorBrowser\Tor is 13.0.4 Yes I had the same problem and had to extract the updated tor.exe from the installer - I guess the torbrowser devs are having problems. Edited November 25, 2023 by bentham typo John Dow 1 Link to comment Share on other sites More sharing options...
FlorinTarta 0 Posted December 5, 2023 Share Posted December 5, 2023 (edited) I had the same problem, even for the new downloaded tor browser, it doesn't even finish the download. And for the new alpha version 13.5a2 when installing the scanning delete automaticaly tor.exe file. Edited December 5, 2023 by FlorinTarta Link to comment Share on other sites More sharing options...
FlorinTarta 0 Posted December 5, 2023 Share Posted December 5, 2023 Also for the Alpha Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 5, 2023 Administrators Share Posted December 5, 2023 The file should no longer be blocked. Link to comment Share on other sites More sharing options...
FlorinTarta 0 Posted December 6, 2023 Share Posted December 6, 2023 I downloaded the Tor Browser, but after installing when the Tor Browser started tor.exe was deleted. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 6, 2023 Administrators Share Posted December 6, 2023 Please provide logs collected with ESET Log Collector. Link to comment Share on other sites More sharing options...
FlorinTarta 0 Posted December 6, 2023 Share Posted December 6, 2023 Attached the log eea_logs.zip Link to comment Share on other sites More sharing options...
bentham 5 Posted December 19, 2023 Author Share Posted December 19, 2023 Today's update (13.0.7) has a "small" version of tor.exe again (7,927,296 bytes) - and like the previous small version, it is being marked as suspicious by ESET. Replacing it with tor.exe from 13.0.6 fixes it for now. John Dow 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted December 19, 2023 Administrators Share Posted December 19, 2023 I've downloaded tor-browser-windows-x86_64-portable-13.0.7 and extracted it but none of the files was detected. Please post the appropriate record from the Detections log. bentham and John Dow 2 Link to comment Share on other sites More sharing options...
bentham 5 Posted December 19, 2023 Author Share Posted December 19, 2023 33 minutes ago, Marcos said: I've downloaded tor-browser-windows-x86_64-portable-13.0.7 and extracted it I did this and the file is different (8,548,352 bytes). Either tor have fixed the issue in the downloadable version or something is up with their updater. If it's the latter, that might explain FlorinTarta's issue above. Link to comment Share on other sites More sharing options...
Recommended Posts