VirusTotal, Cylance and MaxSecure flag Firefox Installer as Trojan
VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan.
VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1
All Replies (4)
That reads like what a "Malware/Virus" infection would say. What security software do you have installed?
Antony06 said
VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1
Cylance is showing as green on that page, though. Cylance allegedly having an unsafe result means nothing, as they give a false positive way too frequently over the years on VirusTotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.
It looks like it is having an issue with 7zS.sfx (look in details on page), which is the 7-ZIP self extractor used since early on, and these mentioned antivirus get the occasional false positive hit on that.
Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004)
They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release
Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/
It looks like Cylance updated and now only MaxSecure (who is this?) has a detection for the setup-stub.exe file.
It's not unusual for one of the lesser known engines to cough at a Firefox installer because it uses a self-expanding 7-zip archive, and so does a lot of malware, so at the surface level, it might seem suspicious.
You could try using the full/offline installer if you don't want to use the stub installer. See: Custom installation of Firefox on Windows.
James said
Antony06 said
VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1
Cylance is showing as green on that page, though. Cylance allegedly having an unsafe result means nothing, as they give a false positive way too frequently over the years on VirusTotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.
It looks like it is having an issue with 7zS.sfx (look in details on page), which is the 7-ZIP self extractor used since early on, and these mentioned antivirus get the occasional false positive hit on that.
Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004)
They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release
Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/
I reported the file to Cylance as a false positive, that's why it's showing green now, but for MaxSecure I couldn't find where to report a false positive. Maybe someone at Firefox can get in touch with them. Maybe someone from Firefox should scan the file with VirusTotal before putting it up for download.