Tor has confirmed that Microsoft Defender will no longer wrongly flag the alternative browser as malware after a battle with Microsoft to get the story straight.
The problem stems from TorBrowser 12.5.6, which contains an executable file Defender deemed unsafe. Still, a Tor spokesperson said the file was unchanged byte-for-byte compared to version 12.5.5.
Affected users had.exe files flagged as a trojan (“Win32/Malgent!MTB”) and were unable to access software.
Microsoft will let you use the Tor browser again.
In the meantime, some users reported success in reinstalling the previous build, which was not seemingly triggering Windows Defender’s trojan response.
Compared with Tor version 12.5.5, build 12.5.6 added a few security tweaks, including backporting security fixes from Firefox 115.3.1 to 102.15.1.
It took Tor contacting Microsoft to get it working correctly again. By sharing the .exe file with Redmond, Tor was told:
“The submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed.”
The update reads: “If your TorBrowser stopped working this weekend, make sure your Windows Defender is up to date, and either unquarantine tor.exe or reinstall TorBrowser by downloading it from [the] Tor Project website.”
The latest signature database (1.397.1910.0) no longer considers the tor.exe file to be a problem.
Why Microsoft Defender had a problem with the unchanged tor.exe file remains unclear. TechRadar Pro has asked Microsoft for more information, but the company did not immediately respond.