Microsoft Defender will finally stop claiming Tor is malware

Tor has confirmed that Microsoft Defender will no longer wrongly flag the alternative browser as malware after a battle with Microsoft to get the story straight.

The problem stems from TorBrowser 12.5.6, which contains an executable file that Defender deemed unsafe, but a Tor spokesperson said that the file was actually unchanged byte-for-byte compared with version 12.5.5.

Affected users were having the tor.exe file flagged as a trojan (“Win32/Malgent!MTB”) and were unable to use the software.

Microsoft will let you use the Tor browser again

In the meantime, some users were reporting success in reinstalling the previous build, which was not seemingly triggering Windows Defender’s trojan response.

Compared with Tor version 12.5.5, build 12.5.6 added just a couple of security tweaks including backporting security fixes from Firefox 115.3.1 to 102.15.1.

It took Tor contacting Microsoft to get it working correctly again. By sharing the .exe file with Redmond, Tor was told:

“At this time, the submitted files do not meet our criteria for malware or potentially unwanted applications. The detection has been removed.”

The update reads: “If your TorBrowser stopped working during this weekend, make sure your Windows Defender is up to date, and either unquarantine tor.exe, or reinstall TorBrowser by downloading it from [the] Tor Project website.”

The latest signature database (1.397.1910.0) is no longer considering the tor.exe file to be a problem.

Precisely why Microsoft Defender had a problem with the unchanged tor.exe file remains unclear. TechRadar Pro has asked Microsoft for more information, but the company did not immediately respond.

More from TechRadar Pro

• Think you’ve been a victim of an online attack? Here are the best identity theft protection tools
• Watch out – Microsoft Defender is flagging some legitimate URLs as harmful
• We’ve rounded up the best firewalls for a cybersecurity boost