Microsoft Defender no longer reports the Tor browser as malware

The file tor.exe, the executable that launches the popular web browser Tor, is no longer reported as possible malware by Windows Defender.

The latest versions of the browser had been flagged by the tool as potentially dangerous, causing considerable concern among users. The matter was clarified in an exchange between those in charge of Tor and Microsoft, with the Redmond giant declaring: “We have reviewed the submitted files and determined that they do not match our definitions of malware or unwanted applications. Therefore, we have removed the detection.”

For users who still see this false positive (and have not yet updated the antivirus), Microsoft has provided a series of instructions to clear the false positive report. Specifically, you need to:

  1. Open the command prompt as administrator;
  2. Go to c:\Programmi\Windows Defender (the Italian-localized name of the Program Files folder);
  3. Run the command MpCmdRun.exe -removedefinitions -dynamicsignatures;
  4. Then execute MpCmdRun.exe -SignatureUpdate.

If Microsoft Defender has already acted on the executable, it is recommended to recover tor.exe from quarantine. It may also help to download the browser and install it again.

Tor browser reported as malware but it is a false positive

Similar warnings have also been reported on VirusTotal, which relies on third-party security vendors to scan uploaded files.

The file involved in this sensational false positive, according to the developers themselves, is identical to that of the previous version of the browser, i.e. 12.5.5. When the previous version of Tor was released, no antivirus reported the executable.

Although this case is curious and, in some ways, inexplicable, it is certainly not a rarity in the context of browsers. Just think of the recent case in which Edge reported Chrome as malware.

Tor (acronym for The Onion Router) is open source software used to browse the Web anonymously through the onion routing network protocol. It is used to make online activity harder to track, both by commercial companies and by possible bad actors.
