Windows AV blocking opening zen.exe due to virus/trojan found in the executable. #37

Open
TrueHerobrine opened this issue Jul 6, 2024 · 66 comments

@TrueHerobrine

zen

@mauro-balades mauro-balades self-assigned this Jul 6, 2024
@mauro-balades
Member

Screenshot_20240706_225017

Virus detection websites don't detect anything, so I don't know why Windows AV is complaining...

@TrueHerobrine
Author

I might try to whitelist the exe. I'll get back with an update.

@TrueHerobrine
Author

Update: Just tried again without adding an exception and it works flawlessly. TLDR: Windows is weird.

@mauro-balades
Member

mauro-balades commented Jul 6, 2024

Windows is weird. Thanks a lot for trying it out!

image

@TrueHerobrine
Author

No worries! Found it on Reddit and was actually very impressed. I have my own browser but I'm not forking it off of anything, so it's cool to see an indie browser thriving like this!

@mauro-balades mauro-balades pinned this issue Jul 11, 2024
@DavidGreen63

In the last 30 minutes, while I was accessing a site, using version 1.0.0-a.29 (64-bit), Windows Defender terminated the App and deleted the core executable.

@clembu

clembu commented Aug 26, 2024

Same happened to me. Admittedly my Defender is very weird and Windows Security crashes when I try to open it, so I can't open the UI to add exclusions or inspect things that way, but a.28 works

@danmaxis

It happened to me too; my Zen was flagged by Kaspersky when I tried to import data from another browser.

@Meathelix1

Windows 11
Version 10.0.22631 Build 22631

Zen was installed directly from the website. https://www.zen-browser.app/

Windows Defender picked it up as soon as I opened Zen.exe.

Trojan Name = "Wacatac.B!ml"

I don't want to be excluding something with that name; a quick Google search will show you this is a popular one.

@Xavi-X333

I have the same problem: first the core executable was deleted and then I can't download the installer :/

@DavidGreen63

Maybe it is an issue that will fade once Zen gets a signature, but as it stands, its normal operations are being flagged as Malware/Trojan like. I think I'll look into Zen again once it gets a little less alpha or beta-ish.

@Meathelix1

The Generic Version does not pick up as a Trojan. It's just the Optimized Version.

@HamzaConcepts

Screenshot 2024-08-26 094935

VirusTotal is also showing it as some trojan script. Are all of these just false positives?

@extropyst

Check this information:
https://virustotal.readme.io/docs/false-positive

and try also analyzing the file in other places like:

https://internxt.com/virus-scanner

https://opentip.kaspersky.com/

image

@jakehower

Getting blocked for me too.

@soulhax

soulhax commented Aug 26, 2024

Exactly the same problem as others are having. Also the installer is detected as PUA:Win32/Packunwan.
Idk but I'm not satisfied with the answer "Windows is weird". I guess we're going to wait until this exe and thing are going to be signed and stuff. Peace.

ApplicationFrameHost_EKwNHXAcrb

@MatfenV1

image
Same issue here, it worked just fine when I installed it on my desktop but my laptop refuses to install it.

@Abelkrijgtalles

Abelkrijgtalles commented Aug 26, 2024

Same here (Windows 11 Pro 23h2)
image

@J-Cake

J-Cake commented Aug 26, 2024

Just wanted to report that this is still happening. System: Windows 11 Pro 22H2 Build: 22621.3880

@MikeyA-yo

I also get this same trojan script; this made me uninstall Zen immediately.

@Abelkrijgtalles

Abelkrijgtalles commented Aug 26, 2024

Could this maybe have a connection to the new Windows Defender update? 1.0.0-a.29 was released 2 days ago, but this problem only started about 9 hours ago.

EDIT: The latest update I've installed (Defender version 1.417.317.0) doesn't include anything about Trojan:Script/Wacatac.B!ml.

@alexmro

alexmro commented Aug 26, 2024

Just tried to install the Zen browser on Windows 10 and it blocks it, claiming that there's a "PUA:Win32/Packunwan" virus.

@DavidGreen63

I am on Win 10 Pro, and after the core executable was annexed, I attempted to uninstall. The uninstall would not function, which did surprise me. Maybe the missing file was causing the uninstaller to fail.
I just deleted the folder where the application had been stored.
Judging from the previous posts on this thread, I will definitely consider carefully before any re-install before a signed binary is available.

@J-Cake

J-Cake commented Aug 26, 2024

False positives can also be reported at https://www.microsoft.com/en-us/wdsi/filesubmission/ and maybe they will take care of it.

Knowing Microsoft they'll probably keep letting Windows Defender bitch about it because their pride and joy Edge is being actually challenged

@wakeuphaku

In the end, everyone decided that the defender deceives everyone

@Iziram

Iziram commented Aug 26, 2024

1.0.0-a.30 seems fine for now. I hope Windows Defender is not gonna go off again.

image

@FelipeGlauber

Here just to give @mauro-balades a huge THANK YOU and share my great admiration for his professionalism and humble talk with people here, assuming his limitations. For me as a development student, you gave me some inspiration.

@sitiom

sitiom commented Aug 27, 2024

This is preventing the winget package from being merged:

@nsde

nsde commented Aug 27, 2024

I love this browser, but unfortunately it suddenly got deleted by Kaspersky.
In hope of helping devs, I will provide as much info about this as possible:

  • AV: Kaspersky Free
```
Event: Object deleted
Application: Zen Browser
User: FIERY\Lynx
User type: Initiator
Component: System Watcher
Result description: Deleted
Type: Trojan
Name: PDM:Trojan.Win32.Generic
Threat level: High
Object type: Process
Object path: C:\Program Files\Zen Browser
Object name: zen.exe
MD5: F65A002208E471404726B4142AEC8550
```

@szpatrik5

a30 with ESET AV:

Screenshot 2024-08-27 200526
Screenshot 2024-08-27 200534

@mauro-balades
Member

Arghhhh, the Windows key didn't arrive yet.

@BearDad

BearDad commented Aug 27, 2024

in version
image

with zen version:
1.0.0-a.30 (64-bit)

It does not get picked up by Windows Defender. Though the untrusted source persists and should be fixed once it's signed.

@rollingmoai

> In a couple of days, I'll receive a mail with a physical key and I'll need to figure out how to use it

@mauro-balades How can you automate signing builds with a physical key?

@mauro-balades
Member

I can't, I'll have to sign it and reupload.

@StefanKoell

When you order a code signing certificate, you can either order one on a physical key (USB device) or you can order a cert which integrates with a Key Vault service (such as Azure Key Vault). In the latter case, you can set up scripts to automate the signing process. Unfortunately, there's no way to extract the certificate with the private key information from the physical device. Last time I checked, you can actually extract the certificate with the private key from Azure Key Vault and use the cert in a CI pipeline using the sign tool and the extracted cert file.

@CptnFizzbin

> I can't, I'll have to sign it and reupload

Might be good to look into setting up a cert in Azure Vault so that trusted pipelines can do automatic signing. I can see having to manually perform the signing will get old real quick.
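
The automated signing discussed in the two comments above, as an added example that is not part of the thread and not the Zen project's build code: a PowerShell pipeline step that signs each built executable with `signtool.exe`, then independently re-checks every signature and stops the release if any check fails. It assumes `signtool.exe` is on the PATH and the code signing certificate is reachable from the runner's certificate store by thumbprint; `BuildDir`, `CertThumbprint` and `TimestampUrl` are hypothetical parameter names.

```powershell
# Added example, not the project's build script. BuildDir, CertThumbprint and
# TimestampUrl are assumed inputs supplied by the pipeline.
param(
    [Parameter(Mandatory)] [string] $BuildDir,
    [Parameter(Mandatory)] [string] $CertThumbprint,
    [Parameter(Mandatory)] [string] $TimestampUrl
)
$ErrorActionPreference = 'Stop'

$files = Get-ChildItem -Path $BuildDir -Recurse -Filter *.exe -File
if (-not $files) { throw "No executables found under $BuildDir" }

foreach ($f in $files) {
    # /sha1 picks the certificate from the store by thumbprint, so no .pfx
    # with the private key has to be written to the runner's disk.
    & signtool.exe sign /sha1 $CertThumbprint /fd SHA256 /tr $TimestampUrl /td SHA256 $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "signtool failed for $($f.FullName)" }
}

# Re-read every signature independently of signtool's own exit code.
$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        File        = $f.Name
        Status      = $sig.Status
        SignerMatch = ($sig.SignerCertificate.Thumbprint -eq $CertThumbprint)
        Timestamped = ($null -ne $sig.TimeStamperCertificate)
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    }
}
$report | Format-Table -AutoSize

# Block publication on an invalid status, an unexpected signer or a missing timestamp.
$bad = $report | Where-Object { $_.Status -ne 'Valid' -or -not $_.SignerMatch -or -not $_.Timestamped }
if ($bad) { throw "Refusing to publish: $(@($bad).Count) file(s) failed signature checks" }
```

Publishing the SHA256 column alongside the release lets users confirm that the file they downloaded is the one that was signed.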

@nevotheless

nevotheless commented Aug 31, 2024

I was able to install it, but after 2 days Windows Security says the zen.installer.exe is a potential PUA:Win32/Packunwan.

Current VT

@mauro-balades
Member

Update:

IMG_20240902_120725

@rengare

rengare commented Sep 2, 2024

image

@mauro-balades
Member

I don't think these vulnerabilities have to do with Zen. I tried updating them but it just breaks surfer.

@jgcabotd

jgcabotd commented Sep 3, 2024

Hi guys, just yesterday I tried the browser and when I started it, within a few seconds Kaspersky killed the process and detected zen.exe as a Trojan.

There is a screenshot so you can see what happened.

image

@soulhax

soulhax commented Sep 5, 2024

Any update on the signing of the exe?

@oslohes123

> Any update on the signing of the exe?

@mauro-balades any updates on the above?

@mauro-balades
Member

The license is getting approved by Certum.

@jgonzales20

This would be a great browser to use for work but there are currently false positives that won't let it get approved by IT. Glad to hear a license is getting acquired. Here are some of my scanner results:

http://www.hybrid-analysis.com/sample/d67a453b2505863b830530e87ff455fc1a95084273dd83c74d4ab409e4f5300e/66df1a31f85fc2840b00d2f0

mitre_d67a453b2505863b830530e87ff455fc1a95084273dd83c74d4ab409e4f5300e_160.csv
