Pale Moon detected as ransomware by Acronis
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
- Night Wing
- Knows the dark side
- Posts: 5151
- Joined: 2011-10-03, 10:19
- Location: Piney Woods of Southeast Texas, USA
Re: Pale Moon detected as ransomware by Acronis
> Lucian Hodoboc wrote: I just updated Pale Moon to the latest version and Acronis Ransomware Protection popped up this notification:
> Please, look into this. Don't take this personally, but I trust Acronis and I'm uncertain about whether I should keep Pale Moon on my PC anymore.
What Acronis is telling you is what is called a "false positive" because of the "unknown" in the installer. Acronis is probably geared up for the well known named browsers such as Chrome, Firefox, Safari, Internet Explorer, etc.
Don't take this personally, but I trust Acronis and its false positive about as far as I can throw a five ton elephant in weight.
And I'll leave it up to your imagination about how far I can throw a five ton elephant in weight.
Linux Mint 21.3 (Virginia) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
MX Linux 23.2 (Libretto) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Linux Debian 12.5 (Bookworm) Xfce w/ Linux Pale Moon, Linux Waterfox, Linux SeaLion, Linux Firefox
Re: Pale Moon detected as ransomware by Acronis
A lot of AV programs often pick up Pale Moon as a false positive. This is usually because the AV has exceptions built in for the major browsers, but not for smaller (yet still legitimate) browsers like Pale Moon.
a.k.a. Ascrod
Linux Mint 19.3 Cinnamon (64-bit), Debian Bullseye (64-bit), Windows 7 (64-bit)
"As long as there is someone who will appreciate the work involved in the creation, the effort is time well spent." ~ Tetsuzou Kamadani, Cave Story
Re: Pale Moon detected as ransomware by Acronis
What/where are the affected files exactly?
Re: Pale Moon detected as ransomware by Acronis
In other words, Acronis Ransomware has detected a new unknown application which isn't in their malware database and modifies files. Acronis does not know what this process is and gives a notification about the possibility of malware, not even a "positive". The options make it your decision to block or trust.
If I enable Defense+ in Comodo it asks me almost on every installation and first-runs if I want to allow these processes.
That's one of the good parts of security programs, they often trust in our own decisions.
*edit: Just as additional info: Up to 28.2.1 Pale Moon has been checked here on different machines with Malwarebytes AM, AVG, AdwCleaner, Avira, Junkware Removal and other tools, with no suspicious results.
Last edited by loxodont on 2018-12-07, 21:07, edited 1 time in total.
Re: Pale Moon detected as ransomware by Acronis
> satrow wrote: What/where are the affected files exactly?
I don't know. I forgot to screenshot the list and I chose to have them restored. From what I can see, Acronis doesn't have an option to show me what files were restored.
Re: Pale Moon detected as ransomware by Acronis
This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Pale Moon detected as ransomware by Acronis
> Moonchild wrote: This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.
Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones, therefore reversing Pale Moon to its previous version?
Re: Pale Moon detected as ransomware by Acronis
> Lucian Hodoboc wrote: Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones
... No.
If you restore the modified files, it means you are acting as if Acronis had not interfered.
In the case of an update, Acronis interfered and reverted the updated/changed files to their previous state (undoing the update for those files) and placed the new version files in its "quarantine". If you restore the quarantined files, i.e. the modified files, i.e. the files after update, then you are restoring the updated version.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite