Pale Moon detected as ransomware by Acronis

Lucian Hodoboc

Pale Moon detected as ransomware by Acronis

Unread post by Lucian Hodoboc » 2018-12-07, 18:34

I just updated Pale Moon to the latest version and Acronis Ransomware Protection popped up this notification:

Image

Please, look into this. Don't take this personally, but I trust Acronis and I'm uncertain about whether I should keep Pale Moon on my PC anymore. :wtf:

Night Wing
Knows the dark side
Posts: 5151
Joined: 2011-10-03, 10:19
Location: Piney Woods of Southeast Texas, USA

Re: Pale Moon detected as ransomware by Acronis

Unread post by Night Wing » 2018-12-07, 18:49

Lucian Hodoboc wrote:I just updated Pale Moon to the latest version and Acronis Ransomware Protection popped up this notification:

Please, look into this. Don't take this personally, but I trust Acronis and I'm uncertain about whether I should keep Pale Moon on my PC anymore. :wtf:
What Acronis is telling you is what is called a "false positive" because of the "unknown" in the installer. Acronis is probably geared up for the well known named browsers such as Chrome, Firefox, Safari, Internet Explorer, etc.

Don't take this personally, but I trust Acronis and its false positive about as far as I can throw a five ton elephant in weight.

And I'll leave it up to your imagination about how far I can throw a five ton elephant in weight.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox

Isengrim
Board Warrior
Posts: 1325
Joined: 2015-09-08, 22:54
Location: 127.0.0.1

Re: Pale Moon detected as ransomware by Acronis

Unread post by Isengrim » 2018-12-07, 18:52

A lot of AV programs often pick up Pale Moon as a false positive. This is usually because the AV has exceptions built in for the major browsers, but not for smaller (yet still legitimate) browsers like Pale Moon.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story

satrow
Forum staff
Posts: 1884
Joined: 2011-09-08, 11:27

Re: Pale Moon detected as ransomware by Acronis

Unread post by satrow » 2018-12-07, 19:50

What/where are the affected files exactly?

loxodont
Astronaut
Posts: 725
Joined: 2014-07-26, 23:03
Location: Mare Serenitatis

Re: Pale Moon detected as ransomware by Acronis

Unread post by loxodont » 2018-12-07, 20:05

In other words, Acronis Ransomware has detected a new unknown application which isn't in their malware database and modifies files. Acronis does not know what this process is and gives a notification about the possibility of malware, not even a "positive". The options make it your decision to block or trust.
If I enable Defense+ in Comodo it asks me almost on every installation and first-runs if I want to allow these processes.
That's one of the good parts of security programs, they often trust in our own decisions.

*edit: Just as additional info: Up to 28.2.1 Pale Moon has been checked here on different machines with Malwarebytes AM, AVG, AdwCleaner, Avira, Junkware Removal and other tools, with no suspicious results.
Last edited by loxodont on 2018-12-07, 21:07, edited 1 time in total.

Lucian Hodoboc

Re: Pale Moon detected as ransomware by Acronis

Unread post by Lucian Hodoboc » 2018-12-08, 10:05

satrow wrote:What/where are the affected files exactly?
I don't know. I forgot to screenshot the list and I chose to have them restored. From what I can see, Acronis doesn't have an option to show me what files were restored. :think:

Moonchild
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Pale Moon detected as ransomware by Acronis

Unread post by Moonchild » 2018-12-08, 10:51

This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Lucian Hodoboc

Re: Pale Moon detected as ransomware by Acronis

Unread post by Lucian Hodoboc » 2018-12-08, 12:55

Moonchild wrote:This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.
Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones, therefore reversing Pale Moon to its previous version? :?

Moonchild
Pale Moon guru
Posts: 35474
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Pale Moon detected as ransomware by Acronis

Unread post by Moonchild » 2018-12-08, 13:42

Lucian Hodoboc wrote:Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones
... No.

If you restore the modified files, it means you are acting as if Acronis had not interfered.

In the case of an update, Acronis interfered and reverted the updated/changed files to their previous state (undoing the update for those files) and placed the new version files in its "quarantine". If you restore the quarantined files, i.e. the modified files, i.e. the files after update, then you are restoring the updated version.
