False positive ?? - Tor.exe

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Using latest Tor broswer, Comodo is detecting this as Malware:

Malware[at]#17py1t0l0nti1

Could someone please advise as to wether this is a false positive or indeed this browser has been tainted?!?!?

I also ran the Tor.exe on virusTotal:

(I’m using Comodo v 12.0.0.6818 database 32874, Tor broswer v10.0)

2

file send for virustotal not is part tor browser;
users malicious spread files with name equal files safes and infected PCs the others users careless, for example, It is tactic “reverse engineering” :-TU

Sorry my english

3

I take it no one else who uses tor hasn’t experienced this? I’ve re-downloaded and reinstalled Tor but still have this issue. How long does it take for an issue like this to be resolved i.e investigated confirmed/not confirmed that it’s a false pos? I’m holding off using tor because I do feel this is a false positive but would like some confirmation…

4

Just ran the latest V10 of Tor with no notification at all from CIS 12.2.2.7062 on Win10 and I’ve used it many times w/o any CIS problems in the past

5

I too had been using tor for many months, only now getting this problem. One thing I did notice between me and you is that I am using a older version of comodo and I have auto update on!?!.. One thing I would be interested in, could you please put your tor.exe through virustotal and feedback results - as of right now it is showing there are 6 programs picking up malware…

6

I get the same on Virus Total as you, but it is a common issue with Tor going back years. There’s an article on the Project itself: https://support.torproject.org/ with some advice and others all over the web. The Tor project is a Trusted Vendor and the executables are all white listed on install.

As for the CIS Automatic Update; Comodo hasn’t released the newer RC to the update channel yet . . . only they know why. If you want the latest RC, it’s on the Comodo site and the newest Beta with install instructions is here: CIS Beta 12.2.2.7062

7

Hello,

This is to inform you that the file with SHA1 f02876e56abe4b7d8712faa82b0f4f2e2e7318ad has been classified as Potentially Unwanted Application, so it is not a False Positive detection. Also detection has been renamed to Application.Win32.NetTool.TorTool.a. You can still use the application by adding it to your trusted files.

Thank you !

8

Hmm file lookup is causing a detection name of Application.Win32.NetTool.TorTool.a@1

9

You are right, the detection name is Application.Win32.NetTool.TorTool.a. It is my mistake. I’m sorry for that.