Opera 73.0.3827.0 developer update
-
AndrewMills last edited by
Hi, in my new installation, every time I start Opera developer, Windows antivirus warns of a serious threat and appear this message...
https://ibb.co/zR3V45v -
burnout426 Volunteer last edited by
@gmiazga FWIW worth, I also submitted the dll for review as a false positive (and explained the situation and linked to threads about it) to Microsoft. See https://www.reddit.com/r/operabrowser/comments/j4ihvn/foxie_malware/g7ubuqi/?utm_source=reddit&utm_medium=web2x&context=3 for their response. Hopefully you have better luck.
-
burnout426 Volunteer last edited by
@kened said in Opera 73.0.3827.0 developer update:
In fact, I was prevented from uninstalling Opera by the conventional method.
In https://www.reddit.com/r/operabrowser/comments/j4ihvn/foxie_malware/g7s2mqv/?utm_source=reddit&utm_medium=web2x&context=3, I mentino how I had to kill some Opera processes to do some cleanup to get updating working again. I also had to do that to be able to uninstall Opera.
-
kened Banned last edited by
@burnout426: I think we deserve a full explanation about what is happening. This is not normal.
-
burnout426 Volunteer last edited by burnout426
@kened What I know right now is that Windows Defender doesn't think it's malware or a virus. It just tags it as a potentially unwanted program. It's detected as BrowserModifier:Win32/Foxiebro. I can understand that as the Opera installer actions can and do modify Opera. So, it is indeed a "BrowserModifier", technically. The weird thing is it just started happening recently. I'm not sure if it's due to a definition update for Windows Defender where they have stricter rules or just a change (it'd be a safe change) in Opera's installer actions that triggers Defender now. And, remember. No other anti-virus does this.
If you're sure you don't have any real BrowserModifier:Win32/Foxiebro infections on your computer, you can allow the threat in Windows Defender until this gets sorted.
Reading the "Unwanted Software" section at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/criteria leads me to believe that Defender wants something in Opera's installer to be user-initiated in some way. Opera might just have to change something with one of its installer functions (when checking/doing updates etc.) to work around the detection and make Defender happy. But, we'll have to wait and see what Opera says.
-
gmiazga Opera last edited by
Microsoft removed this detection. Their full reply:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
From our side there have been small changes in installer code on developer which probably got detected as malware together with Microsoft definitions update done on 2-3 October.
-
burnout426 Volunteer last edited by
@gmiazga I made sure to remove the threat from "allowed threats" so that I can test if there's still a problem or not. All good so far after doing the commands. Opera Developer isn't trigger Windows Defender anymore.
-
burnout426 Volunteer last edited by burnout426
@burnout426 However, if I right-click the Opera installer dll that I had saved and choose to scan it with Defender, it still detects the dll as being infected.
-
tr3x last edited by
@gmiazga cool, thanks for resolving this
just for information, you have to run the commands like
.\MpCmdRun.exe -removedefinitions -dynamicsignatures
.\MpCmdRun.exe -SignatureUpdatewith '.' in the beginning because in another case you'll see 'The command MpCmdRun.exe was not found, but does exist in the current location' error
I executed the command, will monitor the further behavior