Tor browser has been blocked

Accepted Answer
-
Hello @Aldy
Welcome to the F-Secure Community. Thank you for your question and comments.
The detection may be related to how Tor interacts with your system. Tor is often used to access parts of the dark web, which can sometimes contain malicious files or code that could trigger such detections. Additionally, if Tor Browser isn’t kept up to date, it could potentially be vulnerable to exploits. To address the issue, we recommend starting by running a full system scan with the F-Secure app to ensure any threats are removed. Review any files you've downloaded while using Tor, particularly from untrusted sources, and delete anything suspicious. Make sure your Tor Browser is updated to the latest version, and clear your cache and browsing history to remove any potentially harmful content.
It’s also possible that this detection is a false positive, especially if the F-Secure app is flagging Tor Browser or a legitimate file as suspicious. If you believe this is the case, you can submit the sample to our labs for further investigation. For instructions, please refer to this article: How can I submit samples to F-Secure?
Please don’t hesitate to reach out if you need any further assistance.
Thank you, and have a wonderful day.
Firmy
Community Manager | F-Secure Community
Answers
-
Same thing I found on my end. I can run Tor from a USB with no problem, but it was quarantined on a Windows 11 24H2 install. I tried it a couple of times (different install locations) with 2 differing detection numbers. Using F-Secure IS v25.3.
The same thing happened with the Mullvad browser; it was okay for a while until this post, and my follow-up post comment(s).
edit:sp
-
I don't know, maybe v25.4? Unless it has something to do with the change over of v.19 Deep Guard to relying more on the Avira scanning engine, cloud detections with the now Behavior Detection in v.25?
Hopefully, they'll get it figured out, or a Mod or employee will stop by to give some insights as to why the FPs are happening more frequently, seemingly? with this newer version.
-
Hello,
Unless it has something to do with the change over of v.19 Deep Guard to relying more on the Avira scanning engine, cloud detections with the now Behavior Detection in v.25?
This is surely the case.
I was getting exactly the same detection (well, the type of detection - not sure about generic numerals) for Mullvad Browser during early beta stages of dropping DeepGuard (last December?! or when it was). When there was already only "Device Protection" module as a robust armor.
So, to me it doesn't look like signature-based or whatever common engine detection, but just behavioral-based and so things. Which was before - DeepGuard.
I never tried to run Mullvad Browser with F-Secure/DeepGuard solution (or, at least, I did not remember it). So, I am not sure about previous state. But this 'detection name' did not look like the DeepGuard type anyway.
As in your situation - Mullvad Browser closed upon opening after a few seconds (and subsequent notification about blocking). I thought that the reason for detection is relation to Tor itself. As Tor Browser is known for such kind of detection months before or even years.
Perhaps the solution is to whitelist it (which I think works during the mentioned discussion) or do it based on some wildcard (which is probably undesired somehow). Anyway, I think continuing to send blocked 'samples' (with comments/circumstances around) is the way to eventually get rid of the false positive. For example, by also noting each time that the 'detection' has reappeared with a new update of the application (or happened during another routine of use).
// by the way, I did not send it at the time of my experience with this detection.
Sorry for my English and discussion.
Thanks!
-
Hello Ukko,
The Tor browser is actually Firefox, and when I update the Tor browser, Firefox is missing. With F-Secure off, I can update the Tor browser and new Firefox is installed.
When I run the Tor browser now, with the scan of F-Secure in the background, it works perfectly.
And English is also not my native language.
Aldy