Opened 4 weeks ago

Last modified 4 weeks ago

#32456 new task

Add a question about anti-virus reporting a virus in Tor Browser

Reported by: boklm Owned by: ggus
Priority: Medium Milestone:
Component: Community/Tor Support Version:
Severity: Normal Keywords:
Cc: ggus Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

With each new Tor Browser release, some users are complaining that Tor Browser is reported as a possible virus by their antivirus. It seems that some anti-virus are reporting any program that has not yet been seen by many of their users as suspicious. Maybe also that some malwares include a copy of tor, leading some antivirus to claim that any program including a copy of tor is a malware.

I think we should add a question about this on support.tpo, to explain that those warnings can be ignored if Tor Browser has been downloaded from the official website.

Child Tickets

Change History (2)

comment:1 Changed 4 weeks ago by ggus

Hi boklm, do you think we need to improve this answer?

"My antivirus or malware protection is blocking me from accessing Tor Browser."

Most antivirus or malware protection allows the user to "whitelist" certain processes that would otherwise be blocked. Please open your antivirus or malware protection software and look in the settings for a "whitelist" or something similar. Next, exclude the following processes:

For Windows

firefox.exe
tor.exe
obfs4proxy.exe (if you use bridges)

For macOS

TorBrowser
tor.real
obfs4proxy (if you use bridges)

Finally, restart Tor Browser. This should fix the issues you're experiencing. Please note that some antivirus clients, like Kaspersky, may also be blocking Tor at the firewall level.

https://support.torproject.org/tbb/tbb-10/

comment:2 Changed 4 weeks ago by boklm

I think it is not exactly the same as this question, which is for people who already know they want to disable their antivirus to allow Tor to work.

This new question is for people who are worried because they see that their antivirus flagged tor browser as suspicious, are wondering why, and if it is safe to still install it.

This would be to answer questions like this one on the blog:
https://blog.torproject.org/comment/285273#comment-285273

But maybe the question from https://support.torproject.org/tbb/tbb-10/ can be changed to answer both things.

Note: See TracTickets for help on using tickets.