Windows users have recently begun mass-reporting that Microsoft's Defender antivirus program, which is integrated into Windows 10 and 11 by default, is
I’m not sure about the browser, but a lot of malware used to ship with the tor binary and used it to connect to the CNC. I can totally see it ending up in the indicator list.
I love bashing MS as much as the next guy, but this is not completely indefensible behavior given typical user use cases and needs. As long as it’s easy to add an exception if you installed it on purpose.
I've run into antiviruses blocking code I've written just because I pulled in certain cryptographic libs. Literally pulling in some Microsoft cryptography libraries in C# made it think I was writing a crypto locker.
A little context: one of the larger exit nodes was compromised and would send malware to your computer. The behavior shield probably caught this and correctly marked the program as a trojan, since, by definition, that's literally what it was acting as when connected to that node. More advanced AVs (like Malwarebytes) will instead block the malicious connection rather than blanket-banning the entire program.
Hot take, I see no issue with this. If you're savvy enough to know about Tor and its purpose, you're also savvy enough to know how to add a security exclusion in Defender. People who don't know how to whitelist a program in Defender probably did not install Tor themselves and won't be safe using a program with the capability to access the dark web.
It's extra frustration for those trying to legitimately use Tor, but it's also a safety check in the case of an unintended install.
False positives happen and it seems like they already resolved it.
It's unfortunate that MS makes it so hard to take them at their word when they're so aggressive with forcing Edge down everyone's throat. That makes even obvious bugs seem nefarious.