This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

VirusTotal, Cylance and MaxSecure flag Firefox Installer as Trojan

  • 4 replies
  • 0 have this problem
  • 13 views
  • Last reply by Antony06

more options

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan.

VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1
Attached screenshots

All Replies (4)

more options

That's read like what a "Malware/Virus" infection would say. What security software do you have installed?

more options

Antony06 said

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

Cylance is shwing as green on that page though Cylance allegedly having a unsafe result means nothing as they give a false positive way too frequently over the years on virustotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.

It looks like it is having a issue with 7zS.sfx (look in details on page) which is the 7-ZIP self extractor used since early on and these mentioned antivirus get the occasional false positive hit on that.

Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004)

They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release

Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/

Modified by James

more options

It looks like Cylance updated and now only MaxSecure (who is this?) has a detection for the setup-stub.exe file.

It's not unusual for one of the lesser known engines to cough at a Firefox installer because it uses a self-expanding 7-zip archive, and so do many malware, so at the surface level, it might seem suspicious.

You could try using the full/offline installer if you don't want to use the stub installer. See: Custom installation of Firefox on Windows.

more options

James said

Antony06 said

VirusTotal, Cylance and MaxSecure flag Firefox Installer.exe Ro vers., as Trojan. VirusTotal link: https://www.virustotal.com/gui/file/b603c44052222cc1bb4b9946a0d3b526411b9dd5e4ca82cfe30f3d3ff9e27b81?nocache=1

Cylance is shwing as green on that page though Cylance allegedly having a unsafe result means nothing as they give a false positive way too frequently over the years on virustotal. Cylance, Clam, Antiy-AVL, and Jiangmin (and also Norton at times) have done "False Positives" frequently over the years.

It looks like it is having a issue with 7zS.sfx (look in details on page) which is the 7-ZIP self extractor used since early on and these mentioned antivirus get the occasional false positive hit on that.

Firefox setups for Windows have been self-extracting 7z since Firefox 0.8 (Feb 2004)

They tend to do it with the small online stub installer (which you uploaded) but not the full offline setup for Windows from say https://www.mozilla.org/firefox/all/#product-desktop-release

Would not really trust MaxSecure https://www.reddit.com/r/antivirus/comments/rz7gzn/maxsecure_the_antivirus_i_dont_recommend/

I reported the file to Cylance as a false positive, that's why it's showing green now, but for MaxSecure I couldn't find where to report for a false positive. Maybe someone at Firefox can get in touch with them. Maybe someone from Firefox should scan the file with virustotal before putting it to download.