-
-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mercury triggers windows defender (not just smartscreen) #39
Comments
Good day! I also encounter the same instance for version 115.3.0. Thank you! |
@L3-NR @Tachyon711 It didn't for me when I tried it. |
Same happened to me but 24 hours after installation. |
@GGoose I tried following a guide to sign the .exe to help prevent this from happening, but I need a CA from microsoft to do it properly (otherwise im just using a self-signed CA, and unless you have that CA installed on your system, it wont work), and that costs alot of money. So IDK I guess people will just have to "trust me bro" that these aren't malicious, or compile them yourself. |
And here's the Firefox Installer: I installed it via the |
@kenny-kvibe FUCK I thought I had this resolved. At this point in must be related to not signing the .exe since that costs alot of money. I have got to fix this! It is NOT malicious at all, you can compile it yourself and compare the binaries and see that they are the same. |
WoW, i'll compile it myself, Awesome project man 👍🏼 |
@Alex313031 no worries, I know it's not malware, some people don't update MS Defender's local database so perhaps that's why it displays mercury as a virus to them. I suggest you create a document with your virus scan results and attach your project as proof and send this document to those 2 vendors that flagged it and to MS Security Team (https://info.microsoft.com/ww-landing-security-generic-contact-me.html) to make them do a scan their selves and flag it appropriately, I mean try a free route before spending your money, it could pay off. The vendors that flagged it on VirusTotal are To resolve this, vendors usually flag trusted programs virus detections as false-positive and then it passes as clean, although the program was unchanged, that's how the other vendors flagged it as "OK" (because they have the latest false-positives of firefox). This is just a signing certificate problem, which if "verified cert" is present it is a sign that it's a non-malicious program (for the vendor and a vendor-trusting user), so I presume the security vendors trust that program more by doing less detailed scans - ignoring some patterns based on the cert, or something like that I imagine. There are always problems with certs even legit ones, but it's not the only solution here because it's a legit firefox rebuild, so it must pass, if you do nothing about it it will pass some day (when they stop lagging and when everyone updates their local db at home), but if you contact them you could speed the process a lot more and keep it self-signed, or buy the cert for an even faster way but DAMN it's a big price for some user-useless bytes that don't even execute in the program. Also letting you know, when you sign a program with a cert the bytes change because you're essentially adding a few new bytes into your binary header Been using it for some hours now and it's just awesome. |
Hey mate! I literally created a Github account just to post this comment because it has really concerned me. I've been using Thorium and it's brilliant. I wanted to try something on a Firefox fork so I downloaded this (Mercury) and windows (10) immediately deleted the file... So I downloaded it again, at which point no joke it instantly deleted the file, crashed and UNINSTALLED Thorium browser entirely from my system, then when I restarted it told me Windows is initialising updates, and upon rebooting my network drivers were dysfunctional. This is highly concerning no? I have literally never had any such thing happen before in 10 years and am worried my system is infected in some way. Wat do? |
@lore-sun All you have to do for the time being is allow the Mercury.exe to run on your OS through Windows Defender or whatever Antivirus you use. Alex says it isn’t malicious and as far as I know, no one is complaining about serious issues that you would normally find from real viruses. And regarding Thorium uninstalling from this issue I have no idea how that can happen from a different browser that isn’t even based off Chromium. In the end it’s your choice whether you want to use this browser or not. Just know it’s relatively safe. |
@GGoose Strange though right? |
30 seconds after installation, windows defender deleted the .exe without user input, flagging it as a "severe" level threat.
I believe that it's not malware, but i'd rather not turn defender off.
The text was updated successfully, but these errors were encountered: