lordvirus 0 Report post Posted July 18 Hey guys. When I try to install Brave browser, Emsisoft shows warning and tries to quarantine it . Is it possible Brave's setup.exe contains virus? Quote Share this post Link to post Share on other sites
JeremyNicoll 57 Report post Posted July 18 Where - tell us the URL - did you find the installer for this? And what did EAM say about it? Quote Share this post Link to post Share on other sites
lordvirus 0 Report post Posted July 18 I've installed it from official website. https://brave.com/ EAM said: Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\Username\AppData\Local\Temp\CR_0D7F2.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58) Quote Share this post Link to post Share on other sites
JeremyNicoll 57 Report post Posted July 18 (edited) Ok. I plugged that SHA1 hash into the search option at the VirusTotal website, which then displays what various anti-virus & anti-malware utilities think about a file (regardless of what it's been named) that contains the same thing as your file did. See: https://www.virustotal.com/gui/file/d0864f12625afab65a023d1231dd518113d0d867ac4e9d275d62636a9ef0696d/details When VT looked at an instance of that file - 11 hours ago - none of the 72 utilities they used thought it was infected. However, those results are all checks of the file itself. EAM's Behaviour Blocker looks at what the file does when it is run. Although the VT website lists some of the things that this program is known to do - files it opens, registry keys it sets etc (on the "Details" tab at the VT results page), neither you nor I have any idea what the Behavior Blocker didn't like. It occurs to me that this file is pretty small - only a couple of MB - so probably what it does is contact the Brave server and download the actual browser. That might look a lot like a piece of malware trying to contact its command & control server. On the other hand lots of installers do that sort of thing. I wouldn't take the risk - Crypto Malware is extremely bad news. I think you will need to wait until someone from Emsisoft can say if the EAM warning is a mistake or genuine. Edited July 18 by JeremyNicoll added comment on file size Quote Share this post Link to post Share on other sites
lordvirus 0 Report post Posted July 18 I thought maybe it’s the TOR browsing feature of Brave Browser. Quote Share this post Link to post Share on other sites
JeremyNicoll 57 Report post Posted July 18 Just now, lordvirus said: I thought maybe it’s the TOR browsing feature of Brave Browser. It's the installer that got the EAM warning though, not the Brave browser itself. Unless the installer also uses TOR to grab the full program? You will need to wait for Emsisoft to comment. Quote Share this post Link to post Share on other sites
Kevin Zoll 280 Report post Posted July 18 It's a Behavioral alert on the part of or Behavior Blocker. Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\*******\AppData\Local\Temp\CR_4D200.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58) I've reported it to our lab. They should fix it shortly. Quote Share this post Link to post Share on other sites
lordvirus 0 Report post Posted July 19 So I shouldn't worry about and keep using Brave Browser? Quote Share this post Link to post Share on other sites
GT500 574 Report post Posted July 19 14 hours ago, lordvirus said: So I shouldn't worry about and keep using Brave Browser? The issue was more than likely that they forgot to digitally sign something. At least assuming you downloaded the installer from the official Brave Browser website. Quote Share this post Link to post Share on other sites
