Brave Browser Installation Problem

[lordvirus 0]

Hey guys.

When I try to install Brave browser, Emsisoft shows warning and tries to quarantine it . Is it possible Brave's setup.exe contains virus?

[JeremyNicoll 73]

Where - tell us the URL - did you find the installer for this?

And what did EAM say about it?

[lordvirus 0]

I've installed it from official website. https://brave.com/

EAM said: Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\Username\AppData\Local\Temp\CR_0D7F2.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)

[JeremyNicoll 73]

Ok.  I plugged that SHA1 hash into the search option at the VirusTotal website, which then displays what various anti-virus & anti-malware utilities think about a file (regardless of what it's been named) that contains the same thing as your file did.   See: https://www.virustotal.com/gui/file/d0864f12625afab65a023d1231dd518113d0d867ac4e9d275d62636a9ef0696d/details

When VT looked at an instance of that file - 11 hours ago - none of the 72 utilities they used thought it was infected.

However, those results are all checks of the file itself.   EAM's Behaviour Blocker looks at what the file does when it is run.   Although the VT website lists some of the things that this program is known to do - files it opens, registry keys it sets etc (on the "Details" tab at the VT results page), neither you nor I have any idea what the Behavior Blocker didn't like.

It occurs to me that this file is pretty small - only a couple of MB - so probably what it does is contact the Brave server and download the actual browser.  That might look a lot like a piece of malware trying to contact its command & control server.  On the other hand lots of installers do that sort of thing.

I wouldn't take the risk - Crypto Malware is extremely bad news.  I think you will need to wait until someone from Emsisoft can say if the EAM warning is a mistake or genuine.

Edited July 18, 2019 by JeremyNicoll
added comment on file size

[lordvirus 0]

I thought maybe it’s the TOR browsing feature of Brave Browser. 

[JeremyNicoll 73]

Just now, lordvirus said:

I thought maybe it’s the TOR browsing feature of Brave Browser. 

It's the installer that got the EAM warning though, not the Brave browser itself.   Unless the installer also uses TOR to grab the full program?     You will need to wait for Emsisoft to comment.

[Kevin Zoll 308]

It's a Behavioral alert on the part of or Behavior Blocker.

Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\*******\AppData\Local\Temp\CR_4D200.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)

I've reported it to our lab.  They should fix it shortly.

[lordvirus 0]

So I shouldn't worry about and keep using Brave Browser?

[GT500 787]

14 hours ago, lordvirus said:

So I shouldn't worry about and keep using Brave Browser?

The issue was more than likely that they forgot to digitally sign something. At least assuming you downloaded the installer from the official Brave Browser website.

[Teahead 0]

The exact same thing happend today. I tried to install the Brave browser and Emsisoft blocked the installation: 

ID  Object
0   C:\Users\root\AppData\Local\Temp\CR_0C64B.tmp\setup.exe  Behavior.CryptoMalware

I downloaded the setup file from the official website: https://brave.com/

Is there a fix? How can I install the browser?

[GT500 787]

14 hours ago, Teahead said:

Is there a fix? How can I install the browser?

You can temporarily disable the Behavior Blocker in Emsisoft Anti-Malware while you install Brave. Just right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), go to Protection status, and select Disable Behavior Blocker. Just be sure to turn it back on again when you're done.