Norton 360 Antivirus now considers Tor Browser as a Trojan and removes it from a computer - 1st noticed Dec 9, 2022

Last night when starting Tor I received a “Norton Pop up” saying: “Auto-protect is processing security risk Trojan Horse”

A few minutes later I received another pop-up saying: "We removed security risk Trojan Horse. No further action is required.

Tor Browser was stuck on the “Establishing a Connection” page.

I did this on 2 different computers (desktop and laptop) with the exact same results.

I tried deleting Tor Browser files from the Desktop, and reinstalling Tor. Same Norton Antivirus result when Tor Browser auto started at the end of the installation.

Norton 360 Antivirus does not have an option in its control panel to add a program to a safe list, nor does it have an option to turn it off.

I called Norton, and after discussion they said that they could suspend the license for the computer I was currently using in on (my desktop) - which would disable it until I resigned in (they also said they would pass my comment on to the developers about that Tor Browser is not a Trojan).

Through trial and error I found I needed to reboot the computer for that to become effective. I could then delete and download Tor Browser again - and it worked. I restarted my Norton Antivirus after I was done; and am again blocked from using Tor Browser.

Someone from Tor Project needs to be working with Norton to resolve this. I feel its unlikely that my comment alone is going to solve the issue (if the note was sent and if the Norton Development Team pays any attention to it).

Unfortunately, the process to create an account on this site is time consuming and I could not report this last night.

Respectfully,

Allan2u

3 Likes

There are other AVs that seem to recognise tor.exe as malware too,

1 Like

As of now, 10-Dec-2022 14:58 UTC-5, 5 AV list tor.exe on VirusTotal
https: // www.virustotal[.]com/gui/file/59b462c1963f7755f2180164e1db1d980ad13c417a9c261dadc8e4fb2c50c530?nocache=1

Kasparsky is in and out at times.

Have submitted a false positive to Norton (Symantec)

I have verified the downloaded install file, using Gpg4win, as per info on the TOR site.

The suggestion to ignore the warning from the AV because it verifies correctly is bad. Since you are using TOR then you take security seriously. It is bad to ignore security errors. Gets you used to just ignore errors.

My solution was that I had a copy of v 11.58 on another machine and just copied that to the desktop of this machine and changed the settings to not update automatically then dismiss the reminder to update when I start TOR.

If you have 11.58 and make a mistake and do click update then do not restart TOR. Go to the folder
C:\Users\ME\Desktop\Tor Browser\Browser\TorBrowser\UpdateInfo\updates

There will a be .mar file(s) in either the 0/ folder or downloading/ folder. Get rid of that then close TOR.

1 Like

Additional Information I should have included in my original post.

I am running Windows 10.

Norton allows the download and installation of Tor Browser onto the desktop.

The issue is when you launch Tor Browser. It then detects it as a Trojan.

I should have included that also. Ditto here

BobbyB:

A problem is that Norton removes enough of the executables that there is no way to disable update, and that I have always wiped out the Tor Desktop files before downloading a new file.

There are no old files of previous versions on my computer. I also don’t know if this is actually a version problem either.

I had the same problem today, but I finally made exclusions in Norton to ignore Tor. I did it in two places, for the scans and for the internet. Now Norton ignores / allows the Tor browser without a problem.

Found the answer to my own question, with a bit of a search. Needed to add exclusions for tor.exe, firefox.exe and snowflake-client.exe

I had the same problem. Unfortunately, to avoid this the only thing I can think of is to uninstall Tor and reinstall it.

“torbrowser-install-win64-12.0_ALL.exe” is scanned as safe. However following install of Tor Browser 12.0 (Windows), Norton 360 reports “tor.exe” as containing Trojan and immediately blocks (removes) file.
image

Hey everyone – please make sure you’ve followed these steps to add Tor Browser related processes to your antivirus’ “allowlist”, before trying anything else:

1 Like

OK here is a work around. Get the older version of 11.5.8 here:
https://archive.torproject.org/tor-package-archive/torbrowser/11.5.8/

You want these two files for US English (or choose whatever language)
torbrowser-install-11.5.8_en-US.exe 2022-11-22 17:48 98M
torbrowser-install-11.5.8_en-US.exe.asc 2022-11-22 21:04 801

You can do your due diligence and verify the signature using the .asc file. See the Tor site

Download the install, disconnect your Internet, install the program then start the browser. You are now in Firefox and it is trying to connect to TOR. Go to the Tools/Settings/General (or click hamburger button on top right/settings), scroll to: Allow Firefox to, and select: Check for updates but let you choose to install them.

Exit, connect the Internet, and start TOR. Dismiss the option to update.

Duncan: Norton 360 does not have an “allow list” feature. Going to settings only allows allows me to “tour” the latest version of Norton 360 or set up their VPN (I’m using another VPN). There is no place for me to add Tor.exe to any list. I believe I mentioned that in my original post.

I get the same screen as pqgjr posted above (before I close it)

Someone from Tor Project needs to be talking to Norton to resolve this.

Another day I will try downloading the old version that BobbyB posted, and see if that works.

Have you tried Norton’s official support guide?

gus: Those instructions don’t work for Norton 360.

You can access the settings for “Device Security”; but the “Antivirus area” is grayed out. The only thing that can changed is the “Spam” area and the “Administrative Settings” which control how Norton operates in the background.

Same here. Fantastically annoying. Why hasn’t Norton fixed this. When installing it scans and says Tor is safe. But when you try to use it says it has detected Trojan Horse and removes Tor.exe ???

Please keep in mind we’re a relatively small nonprofit, however it looks like Norton users can report false positives here: NortonLifeLock Customer Support Portal

3 Likes

Could you be more specific? Where in the configuration panel of Norton did you the exclusions? Could you share the path? . I’m not a big computer expert, and i’ve been having the same problem, and also tried to change configurations, but didn’t work. Thanks!

The same is happening to me. I accesed Norton and reported a false positive: NortonLifeLock Customer Support Portal

I had the same problem with Norton today. I encourage others to enter this site and report the false positive. I already did it :slight_smile:

1 Like