Tor Browser

If you are a user of the Tor Browser, you may have encountered a problem recently. Microsoft Defender, the built-in antivirus software in Windows, has flagged the tor.exe file as a Trojan and removed it from the system. This prevents the Tor Browser from working properly and may compromise your privacy and security.

What is Tor Browser and why is it important?

Tor Browser is a web browser that allows you to browse the internet anonymously and access websites that are blocked or censored. It does this by routing your traffic through a network of volunteer servers called Tor nodes, which hide your IP address and location from the websites you visit. Tor Browser also blocks trackers, ads, and scripts that can identify you or harm your device.

Tor Browser is important for people who value their privacy and freedom online. It can help you protect yourself from surveillance, censorship, and hacking. It can also help you access information that is not available in your region or country, such as news, social media, or whistleblowing platforms.

Why did Microsoft Defender flag Tor Browser as a Trojan?

Microsoft Defender is software that scans your device for viruses, malware, and other threats. It uses a database of known malicious files and behaviors to detect and remove them. However, it sometimes makes mistakes and flags legitimate files or programs as harmful. This is called a false positive.

On September 30, 2023, Microsoft Defender started to flag the tor.exe file as Trojan:Win32/Malgent!MTB [1]. This file is part of the Tor Browser and is responsible for connecting to the Tor network. Microsoft Defender quarantined the file and prevented it from running, which caused the Tor Browser to stop working.

The reason why Microsoft Defender flagged the tor.exe file as a Trojan is not clear. It could be due to a bug, an update, or a deliberate attempt to block the Tor Browser. Some users speculated that it was related to a security update that the Tor Browser received on the same day [2], which closed a vulnerability that could allow an attacker to execute arbitrary code on the user’s device [3]. However, this has not been confirmed by Microsoft or the Tor Project.

How to fix this problem and restore your Tor Browser?

If you are affected by this problem and want to restore your Tor Browser, you have two options:

  • Option 1: Update your Microsoft Defender and unquarantine the tor.exe file. Microsoft has acknowledged that the tor.exe file does not meet their criteria for malware or potentially unwanted applications, and has removed the detection [4]. To clear the cached detections and obtain the latest malware definitions, open Command Prompt as administrator and change directory to C:\Program Files\Windows Defender. Then run “MpCmdRun.exe -removedefinitions -dynamicsignatures” and “MpCmdRun.exe -SignatureUpdate”. Alternatively, you can download the latest definition from here. After updating your Microsoft Defender, you can unquarantine the tor.exe file from Windows Security settings.
  • Option 2: Reinstall the Tor Browser by downloading it from the Tor Project website. Before installing it, make sure you check the signature of the downloaded file to verify its authenticity. You can find instructions on how to do this here. After installing the Tor Browser, you may need to add an exception for it in Windows Security settings to prevent future false positives.
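
Option 1 as a PowerShell script, extended with a hash comparison so the file is only trusted after restore if it matches a known-good copy. This is an added example, not code from the original page, Microsoft, or the Tor Project. The two file paths are assumptions: `$torExe` is a typical install location, and `$reference` is a hypothetical tor.exe taken from a signature-verified download of the same Tor Browser version.

```powershell
#Requires -RunAsAdministrator
# Added example: refresh Defender definitions, restore the quarantined tor.exe,
# then confirm it matches a reference copy from a signature-verified download.

$mpCmdRun   = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'
$threatName = 'Trojan:Win32/Malgent!MTB'   # detection name reported in the article

# Assumed paths: adjust both to your own system.
$torExe    = "$env:USERPROFILE\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe"
$reference = "$env:USERPROFILE\Downloads\verified\tor.exe"

$before = (Get-MpComputerStatus).AntivirusSignatureVersion

# Clear cached dynamic signatures, then pull the latest definitions.
& $mpCmdRun -RemoveDefinitions -DynamicSignatures
& $mpCmdRun -SignatureUpdate
if ($LASTEXITCODE -ne 0) { throw "Signature update failed (exit code $LASTEXITCODE)" }

$after = (Get-MpComputerStatus).AntivirusSignatureVersion
"Definitions: $before -> $after"

# Show what Defender recorded against tor.exe before touching quarantine.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match 'tor\.exe' } |
    Select-Object InitialDetectionTime, ThreatID, Resources |
    Format-List

# List quarantined items, then restore the most recent one with this threat name
# to its original location.
& $mpCmdRun -Restore -ListAll
& $mpCmdRun -Restore -Name $threatName

if (-not (Test-Path $torExe)) { throw "tor.exe was not restored to $torExe" }

# Only trust the restored binary if it is byte-identical to the verified copy.
$restored = (Get-FileHash $torExe    -Algorithm SHA256).Hash
$expected = (Get-FileHash $reference -Algorithm SHA256).Hash
if ($restored -ne $expected) {
    throw "Restored tor.exe does not match the verified copy; reinstall instead (Option 2)."
}
"tor.exe restored and matches the verified copy: $restored"
```

If the hashes differ, the detection may not have been the false positive described here, and reinstalling from a verified download is the safer path.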

 
