bentham 5 Posted November 22, 2023 Posted November 22, 2023 tor.exe from tor browser 13.0.4 is being blocked by live grid as "suspicious"
bentham 5 Posted November 23, 2023 Author Posted November 23, 2023 Yes, it is completely green (0 detections) in virustotal. If I check file reputation with ESET, the reputation bar is grey (no apparent bar) and the number of users is orange - approx 30% bar.
bentham 5 Posted November 23, 2023 Author Posted November 23, 2023 For anyone else having this issue - tor.exe from the previous version (13.0.1) works for now until this is resolved.
Solution John Dow 6 Posted November 23, 2023 Solution Posted November 23, 2023 The problem has disappeared with newer version 13.0.5 bentham 1
bentham 5 Posted November 23, 2023 Author Posted November 23, 2023 (edited) 1 hour ago, John999 said: The problem has disappeared with newer version 13.0.5 Many thanks for the heads up. After updating to 13.0.5, I can't work out if the update left my 13.0.1 tor.exe alone or reverted to it as it is still the same binary file. EDIT - ok I downloaded the 13.0.5 installer and extracted tor.exe and it was a different file - not sure why the browser update process didn't fix this. Anyway the new tor.exe does fix the issue like you said so maybe there was something "suspicious" about the 13.0.4 release. Edited November 23, 2023 by bentham John Dow 1
John Dow 6 Posted November 24, 2023 Posted November 24, 2023 Unfortunately the problem with tor.exe detected as suspicious and moved into Quarantine has "reappeared" with version 13.0.5 Can someone investigate?
bentham 5 Posted November 25, 2023 Author Posted November 25, 2023 On 11/24/2023 at 10:27 AM, John999 said: Unfortunately the problem with tor.exe detected as suspicious and moved into Quarantine has "reappeared" with version 13.0.5 Can someone investigate? I'm not getting the issue after copying the updated file. It might be worth checking which version of tor.exe you have in case it didn't get updated (as in my post above). Sizes of different versions (based on tor browser version): v13.0.1 - 8,543,744 bytes v13.0.4 - 7,926,784 bytes (marked "suspicious") v13.0.5 - 8,547,840 bytes John Dow 1
John Dow 6 Posted November 25, 2023 Posted November 25, 2023 (edited) v13.0.4 - 7,926,784 bytes (marked "suspicious") But I updated TorBrowser via the internal updater so I cannot explain why it shows that TorBrowser is updated, it says version 13.0.5 and, still tor.exe that I find in C:\......\Tor Browser\Browser\TorBrowser\Tor is 13.0.4 PS Updated using the proper installer in https://dist.torproject.org/torbrowser/13.0.5/ It seems OK now Let's cross fingers. Edited November 25, 2023 by John999 added PS
bentham 5 Posted November 25, 2023 Author Posted November 25, 2023 (edited) 35 minutes ago, John999 said: I updated TorBrowser via the internal updater so I cannot explain why it shows that TorBrowser is updated, it says version 13.0.5 and, still tor.exe that I find in C:\......\Tor Browser\Browser\TorBrowser\Tor is 13.0.4 Yes I had the same problem and had to extract the updated tor.exe from the installer - I guess the torbrowser devs are having problems. Edited November 25, 2023 by bentham typo John Dow 1
FlorinTarta 0 Posted December 5, 2023 Posted December 5, 2023 (edited) I had the same problem, even for the new downloaded tor browser, it doesn't even finish the download. And for the new alpha version 13.5a2 when installing the scanning delete automaticaly tor.exe file. Edited December 5, 2023 by FlorinTarta
Administrators Marcos 5,740 Posted December 5, 2023 Administrators Posted December 5, 2023 The file should no longer be blocked.
FlorinTarta 0 Posted December 6, 2023 Posted December 6, 2023 I downloaded the Tor Browser, but after installing when the Tor Browser started tor.exe was deleted.
Administrators Marcos 5,740 Posted December 6, 2023 Administrators Posted December 6, 2023 Please provide logs collected with ESET Log Collector.
bentham 5 Posted December 19, 2023 Author Posted December 19, 2023 Today's update (13.0.7) has a "small" version of tor.exe again (7,927,296 bytes) - and like the previous small version, it is being marked as suspicious by ESET. Replacing it with tor.exe from 13.0.6 fixes it for now. John Dow 1
Administrators Marcos 5,740 Posted December 19, 2023 Administrators Posted December 19, 2023 I've downloaded tor-browser-windows-x86_64-portable-13.0.7 and extracted it but none of the files was detected. Please post the appropriate record from the Detections log. bentham and John Dow 2
bentham 5 Posted December 19, 2023 Author Posted December 19, 2023 33 minutes ago, Marcos said: I've downloaded tor-browser-windows-x86_64-portable-13.0.7 and extracted it I did this and the file is different (8,548,352 bytes). Either tor have fixed the issue in the downloadable version or something is up with their updater. If it's the latter, that might explain FlorinTarta's issue above.
Recommended Posts