Closed kowith337 closed 12 months ago
Local test did not find any abnormalities, please consider that it is a false alarm of antivirus software
@kowith337
@kowith337 @gz83 No, I noticed this too with the latest .exe installer. I had to disable Windows Defender to get it to install. The actual mercury.exe doesn't seem to trip it, only the installer. I am not sure why. I have not changed anything with the installer. Must be upstream.
I imagine it would probably not do this if it was signed like official Firefox releases.
To make sure it isn't Mercury code, I will make a vanilla Firefox build and installer, and see if that is detected as a trojan.
But, no, Mercury is not malicious. If you don't trust me, you can take a look at the source and compile it yourself, and compare it to my releases to see that they are the same.
Also, @gz83 It might not have tripped it for you since you are on Win 11. I am on 10. The defender binaries are different (although the virus definition updates are the same for Win 7 - Win 11)
@kowith337 Are you on Win 10 or 11?
Also, I updated the release with info about this: https://github.com/Alex313031/Mercury/releases/tag/v.115.0.0
I don't use Defender, I use Kaspersky, and no viruses or trojans are reported on Kaspersky
@kowith337 @Alex313031
I'm on Win 10 22H2. For now, due to the detection, it seems the executables are deleted even after downgrading to 112. Trying to exclude the folder and attempting to run again now...
@kowith337 Yeah, it's annoying, because it deletes it when you try to download it.
Redacted previous comments. It seems like previous actions since 115.0 are stuck and cause mercury.exe to be removed over and over. I'll redownload with 115.1 and scan both installer and zip; seems like everything is clean with no alerts.
I just got this same false positive. The browser completely closed out and got quarantined by Defender. I'm on Windows 11 Pro 22H2 and Mercury 115.2.0. Had to exclude the program directory and restore from quarantine. Couldn't find an easy way to report false positives to Microsoft.
I'm also having this issue on Microsoft Defender as well as Sentinel One
+1 I also got this. It only happened after a restart for me. Running the latest version of Mercury, Windows 11 23H2. Hopefully this might provide more insight.
```
PS C:\Users\Catbirby> Get-MpThreatDetection

ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.23090.2008
CleaningActionID : 2
CurrentThreatExecutionStatusID : 1
DetectionID : {49B1AB45-8FE5-4EC2-A46A-87EC25F197AC}
DetectionSourceTypeID : 3
DomainUser : SLS\Catbirby
InitialDetectionTime : 10/18/2023 8:27:47 AM
LastThreatStatusChangeTime : 10/18/2023 8:28:11 AM
ProcessName : C:\Users\CATBIR~1\AppData\Local\Temp\7zS0BF49546\setup.exe
RemediationTime : 10/18/2023 8:28:11 AM
Resources : {file:_C:\Program Files\Mercury\mercury.exe,
            file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk,
            file:_C:\Users\Public\Desktop\Mercury.lnk,
            startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk}
ThreatID : 2147731849
ThreatStatusErrorCode : 0
ThreatStatusID : 3
PSComputerName :

ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.23090.2008
CleaningActionID : 3
CurrentThreatExecutionStatusID : 1
DetectionID : {69D3097E-E261-4067-B31C-B89B8A1D0C62}
DetectionSourceTypeID : 3
DomainUser : SLS\Catbirby
InitialDetectionTime : 10/18/2023 8:18:40 AM
LastThreatStatusChangeTime : 10/18/2023 8:19:32 AM
ProcessName : C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
RemediationTime : 10/18/2023 8:19:32 AM
Resources : {file:_C:\Program Files\Mercury\mercury.exe, file:_C:\PROGRA~1\Mercury\mercury.exe}
ThreatID : 2147731849
ThreatStatusErrorCode : 0
ThreatStatusID : 4
PSComputerName :

ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.23090.2008
CleaningActionID : 2
CurrentThreatExecutionStatusID : 1
DetectionID : {8D30A87D-D95E-43BE-9E20-F008AD7D087E}
DetectionSourceTypeID : 3
DomainUser : SLS\Catbirby
InitialDetectionTime : 10/18/2023 8:18:33 AM
LastThreatStatusChangeTime : 10/18/2023 8:19:30 AM
ProcessName : C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
RemediationTime : 10/18/2023 8:19:30 AM
Resources : {file:_C:\Program Files\Mercury\mercury.exe,
            file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mercury.lnk,
            file:_C:\Users\Catbirby\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mercury.lnk, file:_C:\Users\Public\Desktop\Mercury.lnk...}
ThreatID : 2147731849
ThreatStatusErrorCode : 0
ThreatStatusID : 3
PSComputerName :

ActionSuccess : True
AdditionalActionsBitMask : 0
AMProductVersion : 4.18.23090.2008
CleaningActionID : 3
CurrentThreatExecutionStatusID : 1
DetectionID : {B4231438-8E21-4519-A99B-C13D6C3B11FD}
DetectionSourceTypeID : 3
DomainUser : SLS\Catbirby
InitialDetectionTime : 10/18/2023 8:27:52 AM
LastThreatStatusChangeTime : 10/18/2023 8:28:13 AM
ProcessName : C:\Program Files\PowerToys\modules\launcher\PowerToys.PowerLauncher.exe
RemediationTime : 10/18/2023 8:28:13 AM
Resources : {file:_C:\Program Files\Mercury\mercury.exe, file:_C:\PROGRA~1\Mercury\mercury.exe}
ThreatID : 2147731849
ThreatStatusErrorCode : 0
ThreatStatusID : 4
PSComputerName :
```
Interestingly I cannot get it to detect Mercury consistently
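
An added example, not part of any comment in this thread: one way to condense `Get-MpThreatDetection` output like the above into a timeline per install directory, with the signature name resolved from the local Defender threat history via `Get-MpThreat`. The `$InstallDir` value is an assumption taken from the paths shown in the output; adjust it for your system.

```powershell
# Added example, not from the thread. Run in a PowerShell session on the
# affected machine; Get-MpThreatDetection and Get-MpThreat ship with Defender.

# Assumption: the directory the detections refer to (taken from the output above).
$InstallDir = 'C:\Program Files\Mercury'

# Build a ThreatID -> signature name lookup from the local threat history.
$names = @{}
Get-MpThreat | ForEach-Object { $names[[string]$_.ThreatID] = $_.ThreatName }

# Keep only detections whose Resources mention the install directory,
# order them by time, and show which process triggered each scan hit.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($InstallDir) } |
    Sort-Object InitialDetectionTime |
    ForEach-Object {
        [pscustomobject]@{
            Detected    = $_.InitialDetectionTime
            Remediated  = $_.RemediationTime
            ThreatID    = $_.ThreatID
            ThreatName  = $names[[string]$_.ThreatID]
            TriggeredBy = $_.ProcessName
            Resources   = ($_.Resources -join '; ')
        }
    } |
    Format-List

# Hash of the downloaded installer, for comparison with the release page or a
# scanner report. Assumption: $Installer is a placeholder path you fill in.
$Installer = 'C:\path\to\installer.exe'
if (Test-Path -LiteralPath $Installer) {
    Get-FileHash -LiteralPath $Installer -Algorithm SHA256
}
```

The `TriggeredBy` column is the process whose file access caused the scan (for example a launcher indexing the shortcut), which is why several unrelated programs appear next to the same `mercury.exe` resource.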
Detected as Trojan:Win32/Bearfoos.A!ml in the zip, so I've checked the VT hash and found: Installer detect: 12/68, Zip detect: 10/60
First of all, I think I downloaded 115 and extracted it over the old files, but the About dialog said I was still using 112, so I cleaned the entire program folder, extracted and opened the browser, then got the alarm.