On September 30th, Microsoft Defender mistakenly deleted Tor Browser from users' PCs, incorrectly identifying it as a trojan called "Win32/Malgent!MTB". Microsoft has acknowledged this as a false-positive and has since removed Tor Browser from the latest version of Defender's signature database (version 1.397.1910.0). To resolve the issue, users can update Microsoft Defender and reinstall Tor Browser, or restore it from quarantine if it was mistakenly removed.
This false-positive incident occurred during the rollout of Tor Browser version 12.5.6. It is not entirely surprising that Microsoft Defender mistook the automatic update of the browser for a trojan, considering that some trojans use onion routing to conceal their activities, and tampered versions of Tor Browser are somewhat common. Therefore, it is always recommended to download the browser from official sources only. Interestingly, Microsoft Defender did not flag the 32-bit versions of Tor Browser. Additionally, a moderator on the Tor Project forum points out that the tor.exe 12.5.6 is an exact copy of the previous 64-bit release.
The Tor Browser has a history of being wrongly identified as malware by antivirus tools, causing false positives. Despite frustration from some users, the Tor Project took its time to evaluate the situation, which was the right approach. Since the Tor Browser has been targeted by hackers in the past, any claims of wrongdoing should be treated seriously.
While it is difficult to fault Microsoft Defender for making mistakes, it is important for them to improve the accuracy of their detection software. False positives can create a misleading perception, especially for inexperienced or impatient users who might wrongly believe the Tor Browser is immune to malicious attacks. If you were affected by this situation, it is recommended to act with patience in the future and consider verifying your Tor Browser installation. Additionally, you can use VirusTotal to scan future Tor Browser installations.
Please note that the updated version 1.397.1910.0 of the Microsoft Defender signature database does not include Tor Browser. In case you require it, you have the option to manually update Microsoft Defender, although it is expected to update automatically within the next 24 hours. Once the update is complete, please reinstall Tor Browser from the official website or restore it from quarantine using your Command Prompt. This information has been provided by the Tor Project via deform & HackRead.