lordvirus

Brave Browser Installation Problem

Hey guys.

When I try to install Brave browser, Emsisoft shows a warning and tries to quarantine it. Is it possible Brave's setup.exe contains a virus?

I've installed it from official website. https://brave.com/

EAM said: Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\Username\AppData\Local\Temp\CR_0D7F2.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)

Ok. I plugged that SHA1 hash into the search option at the VirusTotal website, which then displays what various anti-virus & anti-malware utilities think about a file (regardless of what it's been named) that contains the same thing as your file did. See: https://www.virustotal.com/gui/file/d0864f12625afab65a023d1231dd518113d0d867ac4e9d275d62636a9ef0696d/details

When VT looked at an instance of that file - 11 hours ago - none of the 72 utilities they used thought it was infected.

However, those results are all checks of the file itself. EAM's Behaviour Blocker looks at what the file does when it is run. Although the VT website lists some of the things that this program is known to do - files it opens, registry keys it sets etc (on the "Details" tab at the VT results page), neither you nor I have any idea what the Behavior Blocker didn't like.

It occurs to me that this file is pretty small - only a couple of MB - so probably what it does is contact the Brave server and download the actual browser.  That might look a lot like a piece of malware trying to contact its command & control server.  On the other hand lots of installers do that sort of thing.

I wouldn't take the risk - Crypto Malware is extremely bad news.  I think you will need to wait until someone from Emsisoft can say if the EAM warning is a mistake or genuine.

Edited by JeremyNicoll
added comment on file size
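
One way to carry out the check described in the post above, confirming that a local file is the exact file named in the Behavior Blocker alert before looking it up. This is an added example, not part of the original thread: the function names are hypothetical, the demo file is constructed, and the VirusTotal URL form is copied from the link in the post.

```python
import hashlib
import re
from pathlib import Path

# Matches the Behavior Blocker alert wording quoted in this thread.
ALERT_RE = re.compile(
    r'suspicious behavior "(?P<detection>[^"]+)" of (?P<path>.+?) '
    r'\(SHA1: (?P<sha1>[0-9A-Fa-f]{40})\)'
)

def parse_alert(line):
    """Return detection name, file path and lowercase SHA-1 from an alert line, or None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return {"detection": m["detection"], "path": m["path"], "sha1": m["sha1"].lower()}

def file_digests(path, chunk_size=1 << 20):
    """Hash the file in chunks so large installers need not fit in memory."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}

def check_file_against_alert(alert_line, local_file):
    """Say whether local_file is the exact file the alert refers to."""
    alert = parse_alert(alert_line)
    if alert is None:
        raise ValueError("line is not in the expected alert format")
    digests = file_digests(local_file)
    return {
        "detection": alert["detection"],
        "same_file": digests["sha1"] == alert["sha1"],
        # URL form taken from the VirusTotal link in the post above.
        "vt_url": "https://www.virustotal.com/gui/file/" + digests["sha256"],
    }

if __name__ == "__main__":
    # Constructed demo: a stand-in file, and an alert line built around its own hash.
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "setup.exe"
        sample.write_bytes(b"constructed sample bytes, not a real installer")
        sha1 = file_digests(sample)["sha1"].upper()
        line = ('Behavior Blocker detected suspicious behavior "CryptoMalware" '
                f'of {sample} (SHA1: {sha1})')
        print(check_file_against_alert(line, sample))
```

A matching hash only shows that the scan results belong to the same bytes; as the post says, those results are checks of the file itself and do not explain a behavioral detection.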

Just now, lordvirus said:

I thought maybe it’s the TOR browsing feature of Brave Browser. 

It's the installer that got the EAM warning though, not the Brave browser itself. Unless the installer also uses TOR to grab the full program? You will need to wait for Emsisoft to comment.

It's a Behavioral alert on the part of our Behavior Blocker.

Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\*******\AppData\Local\Temp\CR_4D200.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)

I've reported it to our lab.  They should fix it shortly.

14 hours ago, lordvirus said:

So I shouldn't worry about it and keep using Brave Browser?

The issue was more than likely that they forgot to digitally sign something. At least assuming you downloaded the installer from the official Brave Browser website.


The exact same thing happened today. I tried to install the Brave browser and Emsisoft blocked the installation:

ID  Object
0   C:\Users\root\AppData\Local\Temp\CR_0C64B.tmp\setup.exe  Behavior.CryptoMalware

I downloaded the setup file from the official website: https://brave.com/

Is there a fix? How can I install the browser?

14 hours ago, Teahead said:

Is there a fix? How can I install the browser?

You can temporarily disable the Behavior Blocker in Emsisoft Anti-Malware while you install Brave. Just right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), go to Protection status, and select Disable Behavior Blocker. Just be sure to turn it back on again when you're done.
