desktop Windows AV blocking opening zen.exe due to virus/trojan found in the executable.

zen

Jul 06 '24 20:07 TrueHerobrine

Screenshot_20240706_225017

virus detection websites dont detect anything so I dont know why is windows AV complaining...

Jul 06 '24 20:07 mr-cheffy

I might try to whitelist the exe. I'll get back with an update.

Jul 06 '24 21:07 TrueHerobrine

Update: Just tried again without adding an exception and it works flawlessly. TLDR: Windows is weird.

Jul 06 '24 21:07 TrueHerobrine

Windows is weird. Thanks a lot for trying it out!

Jul 06 '24 21:07 mr-cheffy

No worries! Found it on Reddit and was actually very impressed. I have my own browser but I'm not forking it off of anything, so it's cool to see an indie browser thriving like this!

Jul 06 '24 21:07 TrueHerobrine

In the last 30 minutes, while I was accessing a site, using version 1.0.0-a.29 (64-bit), Windows Defender terminated the App and deleted the core executable.

Aug 26 '24 00:08 DavidGreen63

Same happened to me. Admittedly my Defender is very weird and Windows Security crashes when I try to open it, so I can't open the UI to add exclusions or inspect things that way, but a.28 works

Aug 26 '24 01:08 clembu

It happened to me too, mine Zen was flagged by Kaspersky when I tried to import data from another browser.

Aug 26 '24 02:08 danmaxis

Windows 11 Version 10.0.22631 Build 22631

Zen was installed directly from the website. https://www.zen-browser.app/

Windows Defender Picked it up as soon as I opened Zen.exe

Trojan Name = "Wacatac.B!ml"

I dont want to be excluding something with that name, a quick google search will show you this is a popular one.

Aug 26 '24 02:08 Meathelix1

I have the same problem, first the core executable was deleted and then a can't download the installer :/

Aug 26 '24 02:08 Xavi-X333

Maybe it is an issue that will fade once Zen gets a signature, but as it stands, its normal operations are being flagged as Malware/Trojan like. I think I'll look into Zen again once it gets a little less alpha or beta-ish.

Aug 26 '24 02:08 DavidGreen63

The Generic Version does not pick up as a Trojan. It's just the Optimized Version.

Aug 26 '24 02:08 Meathelix1

Screenshot 2024-08-26 094935

Virustotal is also showing it as some trojan script. Are all of these just false positives?

Aug 26 '24 04:08 HamzaConcepts

Check this information: https://virustotal.readme.io/docs/false-positive

and try also analyzing the file in other places like:

https://internxt.com/virus-scanner

https://opentip.kaspersky.com/

Aug 26 '24 06:08 extropyst

Getting blocked for me too.

Aug 26 '24 06:08 jakehower

Exactly the same problem as others are having. Also the installer is detected as PUA:Win32/Packunwan. Idk but I'm not satisfied with the answer "Windows is weird". I guess we're going to wait until this exe and thing are going to be signed and stuff. Peace.

ApplicationFrameHost_EKwNHXAcrb

Aug 26 '24 09:08 soulhax

afbeelding Same issue here, it worked just fine when I installed it on my desktop but my laptop refuses installing it.

Aug 26 '24 09:08 MatfenV1

Same here (Windows 11 Pro 23h2)

Aug 26 '24 09:08 Abelkrijgtalles

Just wanted to report that this is still happening. System: Windows 11 Pro 22H2 Build: 22621.3880

Aug 26 '24 09:08 J-Cake

I also get this same trojan script, this made me uninstall zen immediately

Aug 26 '24 09:08 MikeyA-yo

Could this maybe have a connection to the new windows defender update? 1.0.0-a.29 was released 2 days ago, but this problem only started about 9 hours ago.

EDIT: The latest update I've installed (defender version 1.417.317.0), doesn't include anything about Trojan:Script/Wacatac.B!ml.

Aug 26 '24 09:08 Abelkrijgtalles

Just tried to install the Zen browser on a Windows 10 and it blocks it claiming that there's a "PUA:Win32/Packunwan" virus

Aug 26 '24 09:08 alexugthub

I am on Win 10 Pro, and after the core executable was annexed, I attempted to uninstall. The uninstall would not function, which did surprise me. Maybe the missing file was causing the uninstaller to fail. I just deleted the folder where the application had been stored. Judging from the previous posts on this thread, I will definitely consider carefully before any re-install before a signed binary is available.

Aug 26 '24 10:08 DavidGreen63

Has anyone tried to build it from source to check if the issue still there?

Aug 26 '24 10:08 Abelkrijgtalles

What's the problem exactly? that it's not signed?

Aug 26 '24 10:08 mr-cheffy

im going to release today, see if that fixes it?

Aug 26 '24 10:08 mr-cheffy

What's the problem exactly? that it's not signed?

That is one of the theories (EDIT: or maybe the only one), but Windows is just very silent and gives no information about the trojan

Aug 26 '24 10:08 Abelkrijgtalles

From my experience as a Windows app developer there are two major things:

The installer/exe at least should be signed to avoid any issues with SmartScreen. Having an EV certificate helps even more because the reputation in SmartScreen starts higher already.
AV false positives in MSI files are quite common. Almost every MSI release I make on Windows has one or two false positives in VirusTotal (out of > 70 AV tools). I haven't found a way to prevent or a root cause for those false positives. Depending on the AV tool complaining you can submit/contact the AV vendor with a link to the VirusTotal page and report a false positive.

Aug 26 '24 10:08 StefanKoell

where do I get the license key though? Im very confused I cant find any docs about it

Aug 26 '24 10:08 mr-cheffy

@mauro-balades what license key are you referring to? Couldn't find any mention of a license in this thread.

Aug 26 '24 10:08 StefanKoell