Alex313031 / Mercury

Firefox fork with compiler optimizations and patches from Librewolf, Waterfox, and GNU IceCat.
https://thorium.rocks/mercury
Mozilla Public License 2.0

[115.0] MS Defender detected `mercury.exe` as trojan #30

Closed kowith337 closed 12 months ago

kowith337 commented 1 year ago

Detected as Trojan:Win32/Bearfoos.A!ml in the zip, so I've checked the VT hash and found Installer detect: 12/68, Zip detect: 10/60.

First of all, I think I downloaded 115 and extracted it over the old files, but the About dialog said I was still using 112, so I cleaned the entire program folder, extracted and opened the browser, then got alarmed.

gz83 commented 1 year ago

A local test did not find any abnormalities; please consider that it is a false alarm from the antivirus software.

@kowith337

Alex313031 commented 1 year ago

@kowith337 @gz83 No, I noticed this too with the latest .exe installer. I had to disable Windows Defender to get it to install. The actual mercury.exe doesn't seem to trip it, only the installer. I am not sure why. I have not changed anything with the installer. Must be upstream.

I imagine it would probably not do this if it was signed like official Firefox releases.

To make sure it isn't Mercury code, I will make a vanilla Firefox build and installer, and see if that is detected as a trojan.

But, no, Mercury is not malicious. If you don't trust me, you can take a look at the source and compile it yourself, and compare it to my releases to see that they are the same.

Alex313031 commented 1 year ago

Also, @gz83 It might not have tripped it for you since you are on Win 11. I am on 10. The defender binaries are different (although the virus definition updates are the same for Win 7 - Win 11)

@kowith337 Are you on Win 10 or 11?

Also, I updated the release with info about this > https://github.com/Alex313031/Mercury/releases/tag/v.115.0.0

gz83 commented 1 year ago

I don't use Defender, I use Kaspersky, and no viruses or trojans are reported on Kaspersky

@kowith337 @Alex313031

kowith337 commented 1 year ago

I'm on Win 10 22H2. For now, due to the detection, it seems the executable is deleted even after downgrading to 112; trying to exclude the folder and attempting to run again now...

Alex313031 commented 1 year ago

@kowith337 Yeah, it's annoying, because it deletes it when you try to download it.

kowith337 commented 12 months ago

Redacted previous comments. It seems like previous actions since 115.0 were stuck and caused mercury.exe to be removed over and over. I'll redownload with 115.1 and scan both installer and zip; it seems like everything is clean, with no alerts.

RacerDuke commented 11 months ago

I just got this same false positive. The browser completely closed out and got quarantined by Defender. I'm on Windows 11 Pro 22H2 and Mercury 115.2.0. Had to exclude the program directory and restore from quarantine. Couldn't find an easy way to report false positives to Microsoft.

Lumb-Chul commented 11 months ago

I'm also having this issue on Microsoft Defender as well as Sentinel One.

Catbirby commented 9 months ago

+1 I also got this. It only happened after a restart for me. Running the latest version of Mercury, Windows 11 23H2. Hopefully this might provide more insight.

```
PS C:\Users\Catbirby> Get-MpThreatDetection

ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23090.2008
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 1
DetectionID                    : {49B1AB45-8FE5-4EC2-A46A-87EC25F197AC}
DetectionSourceTypeID          : 3
DomainUser                     : SLS\Catbirby
InitialDetectionTime           : 10/18/2023 8:27:47 AM
LastThreatStatusChangeTime     : 10/18/2023 8:28:11 AM
ProcessName                    : C:\Users\CATBIR~1\AppData\Local\Temp\7zS0BF49546\setup.exe
RemediationTime                : 10/18/2023 8:28:11 AM
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe, 
                                 file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk, 
                                 file:_C:\Users\Public\Desktop\Mercury.lnk, 
                                 startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk}
ThreatID                       : 2147731849
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 3
PSComputerName                 : 

ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23090.2008
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 1
DetectionID                    : {69D3097E-E261-4067-B31C-B89B8A1D0C62}
DetectionSourceTypeID          : 3
DomainUser                     : SLS\Catbirby
InitialDetectionTime           : 10/18/2023 8:18:40 AM
LastThreatStatusChangeTime     : 10/18/2023 8:19:32 AM
ProcessName                    : C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
RemediationTime                : 10/18/2023 8:19:32 AM
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe, file:_C:\PROGRA~1\Mercury\mercury.exe}
ThreatID                       : 2147731849
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 

ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23090.2008
CleaningActionID               : 2
CurrentThreatExecutionStatusID : 1
DetectionID                    : {8D30A87D-D95E-43BE-9E20-F008AD7D087E}
DetectionSourceTypeID          : 3
DomainUser                     : SLS\Catbirby
InitialDetectionTime           : 10/18/2023 8:18:33 AM
LastThreatStatusChangeTime     : 10/18/2023 8:19:30 AM
ProcessName                    : C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
RemediationTime                : 10/18/2023 8:19:30 AM
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe, 
                                 file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk, 
                                 file:_C:\Users\Catbirby\AppData\Roaming\Microsoft\Internet Explorer\Quick 
                                 Launch\User Pinned\TaskBar\Mercury.lnk, file:_C:\Users\Public\Desktop\Mercury.lnk...}
ThreatID                       : 2147731849
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 3
PSComputerName                 : 

ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.23090.2008
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 1
DetectionID                    : {B4231438-8E21-4519-A99B-C13D6C3B11FD}
DetectionSourceTypeID          : 3
DomainUser                     : SLS\Catbirby
InitialDetectionTime           : 10/18/2023 8:27:52 AM
LastThreatStatusChangeTime     : 10/18/2023 8:28:13 AM
ProcessName                    : C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
RemediationTime                : 10/18/2023 8:28:13 AM
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe, file:_C:\PROGRA~1\Mercury\mercury.exe}
ThreatID                       : 2147731849
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
```

Interestingly I cannot get it to detect Mercury consistently
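
An added example, not part of the thread or of the Mercury project: a small Python parser for pasted `Get-MpThreatDetection` output like the listing above, which joins the wrapped `Resources` lines and groups the flagged files by `ThreatID` so reports from several users can be compared. The embedded sample is two records copied from that listing and cut down to three fields; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Two records copied from the Get-MpThreatDetection output above, cut down to
# three fields. Function names below are hypothetical (added example).
SAMPLE = r"""
ProcessName                    : C:\Users\CATBIR~1\AppData\Local\Temp\7zS0BF49546\setup.exe
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe,
                                 file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk,
                                 file:_C:\Users\Public\Desktop\Mercury.lnk,
                                 startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk}
ThreatID                       : 2147731849

ProcessName                    : C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
Resources                      : {file:_C:\Program Files\Mercury\mercury.exe, file:_C:\PROGRA~1\Mercury\mercury.exe}
ThreatID                       : 2147731849
"""

FIELD = re.compile(r"^(\w+)\s*:\s?(.*)$")

def parse_records(text):
    """Split Format-List output into dicts, joining wrapped continuation lines."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec, key = {}, None
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:                      # "Name : value" starts a new field
                key = m.group(1)
                rec[key] = m.group(2).strip()
            elif key:                  # indented line continues the previous value
                rec[key] += " " + line.strip()
        records.append(rec)
    return records

def resources(record):
    """Return (kind, path) pairs from a Resources value."""
    items = record.get("Resources", "").strip("{}").split(",")
    return [tuple(i.strip().split(":_", 1)) for i in items if ":_" in i]

def summarize(records):
    """Map ThreatID -> flagged file path (lower-cased) -> set of ProcessName values."""
    out = defaultdict(lambda: defaultdict(set))
    for r in records:
        for kind, path in resources(r):
            if kind == "file":
                out[r.get("ThreatID", "?")][path.lower()].add(r.get("ProcessName", "?"))
    return out
```

Calling `summarize(parse_records(text))` on a pasted report gives one entry per `ThreatID`, with each flagged path and the distinct `ProcessName` values recorded next to it.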