Opera 73.0.3827.0 developer update
-
kened Banned last edited by
@burnout426: I think we deserve a full explanation about what is happening. This is not normal.
-
burnout426 Volunteer last edited by burnout426
@kened What I know right now is that Windows Defender doesn't think it's malware or a virus. It just tags it as a potentially unwanted program. It's detected as BrowserModifier:Win32/Foxiebro. I can understand that as the Opera installer actions can and do modify Opera. So, it is indeed a "BrowserModifier", technically. The weird thing is it just started happening recently. I'm not sure if it's due to a definition update for Windows Defender where they have stricter rules or just a change (it'd be a safe change) in Opera's installer actions that triggers Defender now. And, remember. No other anti-virus does this.
If you're sure you don't have any real BrowserModifier:Win32/Foxiebro infections on your computer, you can allow the threat in Windows Defender until this gets sorted.
Reading the "Unwanted Software" section at https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/criteria leads me to believe that Defender wants something in Opera's installer to be user-initiated in some way. Opera might just have to change something with one of its installer functions (when checking/doing updates etc.) to work around the detection and make Defender happy. But, we'll have to wait and see what Opera says.
-
gmiazga Opera last edited by
Microsoft removed this detection. Their full reply:
We have removed the detection. Please follow the steps below to clear cached detection and obtain the latest malware definitions.
- Open command prompt as administrator and change directory to c:\Program Files\Windows Defender
- Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”
- Run "MpCmdRun.exe -SignatureUpdate"
Alternatively, the latest definition is available for download here: https://www.microsoft.com/en-us/wdsi/definitions
From our side there have been small changes in installer code on developer which probably got detected as malware together with Microsoft definitions update done on 2-3 October.
-
burnout426 Volunteer last edited by
@gmiazga I made sure to remove the threat from "allowed threats" so that I can test if there's still a problem or not. All good so far after doing the commands. Opera Developer isn't trigger Windows Defender anymore.
-
burnout426 Volunteer last edited by burnout426
@burnout426 However, if I right-click the Opera installer dll that I had saved and choose to scan it with Defender, it still detects the dll as being infected.
-
tr3x last edited by
@gmiazga cool, thanks for resolving this
just for information, you have to run the commands like
.\MpCmdRun.exe -removedefinitions -dynamicsignatures
.\MpCmdRun.exe -SignatureUpdatewith '.' in the beginning because in another case you'll see 'The command MpCmdRun.exe was not found, but does exist in the current location' error
I executed the command, will monitor the further behavior
-
ziegensatan last edited by
@tr3x try open cmd with adminsitrator rights (right click -> run as admin)
cd c:\Program Files\Windows Defender
MpCmdRun.exe -removedefinitions -dynamicsignatures
MpCmdRun.exe -SignatureUpdate -
tr3x last edited by
@ziegensatan thanks, but I already ran the commands in powershell with dotslash in the beginning and there worked good
-
craigsn last edited by
@gmiazga said in Opera 73.0.3827.0 developer update:
MpCmdRun.exe -SignatureUpdate
Thanks you for this update
-
A Former User last edited by
Good i stayed at Version 69 ..... everything still works.
Even my V7 Bookmarks extension...