VirusTotal, Cylance and MaxSecure flag Firefox Installer as Trojan

  • 4 replies
  • 0 have this problem
  • 1 view
  • Last reply by Antony06

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan.

VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

All replies (4)

That reads like what a "Malware/Virus" infection would say. What security software do you have installed?

Antony06 said

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

Cylance is showing as green on that page, though. Cylance allegedly having an unsafe result means nothing, as they give a false positive way too frequently over the years on VirusTotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.

It looks like it is having an issue with 7zS.sfx (look in details on page), which is the 7-ZIP self extractor used since early on, and these mentioned antivirus get the occasional false positive hit on that.

Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004).

They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release

Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/

Modified by James

It looks like Cylance updated and now only MaxSecure (who is this?) has a detection for the setup-stub.exe file.

It's not unusual for one of the lesser known engines to cough at a Firefox installer because it uses a self-expanding 7-zip archive, and so do many malware, so at the surface level, it might seem suspicious.

You could try using the full/offline installer if you don't want to use the stub installer. See: Custom installation of Firefox on Windows.

James said

Antony06 said

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

Cylance is showing as green on that page, though. Cylance allegedly having an unsafe result means nothing, as they give a false positive way too frequently over the years on VirusTotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.

It looks like it is having an issue with 7zS.sfx (look in details on page), which is the 7-ZIP self extractor used since early on, and these mentioned antivirus get the occasional false positive hit on that.

Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004).

They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release

Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/

I reported the file to Cylance as a false positive, that's why it's showing green now, but for MaxSecure I couldn't find where to report a false positive. Maybe someone at Firefox can get in touch with them. Maybe someone from Firefox should scan the file with VirusTotal before putting it up for download.