Tor has confirmed that Microsoft Defender will no longer incorrectly flag the alternative browser as malware after a battle with Microsoft to get the story straight.
The issue stems from TorBrowser 12.5.6, which contains an executable that Defender deemed unsafe, but a Tor spokesperson said the file was actually unchanged byte-for-byte compared to version 12.5.5.
Affected users had the tor.exe file marked as a trojan (“Win32/Malgent!MTB”) and were unable to use the software.
Microsoft lets you use the Tor browser again
In the meantime, some users reported success reinstalling the previous build, which apparently didn’t cause the Windows Defender trojan response.
Compared to Tor version 12.5.5, build 12.5.6 added only a few security tweaks, including backporting security fixes from Firefox 115.3.1 to 102.15.1.
It took Tor contacting Microsoft to get it working properly again. By sharing the .exe file with Redmond, Tor was told:
“At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed.”
The update reads: “If your TorBrowser stops working this weekend, make sure your Windows Defender is up to date and remove tor.exe from quarantine or reinstall TorBrowser by downloading it from (the) Tor Project website.”
The latest signature database (1.397.1910.0) no longer considers the tor.exe file as an issue.
Exactly why Microsoft Defender had a problem with the unmodified tor.exe file remains unclear. TechRadar Pro asked Microsoft for more information, but the company did not immediately respond.