Pale Moon forum

I just updated Pale Moon to the latest version and Acronis Ransomware Protection popped up this notification:



Please, look into this. Don't take this personally, but I trust Acronis and I'm uncertain about whether I should keep Pale Moon on my PC anymore.

Lucian Hodoboc wrote:I just updated Pale Moon to the latest version and Acronis Ransomware Protection popped up this notification:

Please, look into this. Don't take this personally, but I trust Acronis and I'm uncertain about whether I should keep Pale Moon on my PC anymore.

What Acronis is telling you is what is called a "false positive" because of the "unknown" in the installer. Acronis is probably geared up for the well known named browsers such as Chrome, Firefox, Safari, Internet Explorer, etc.

Don't take this personally, but I trust Acronis and it's false positive about as far as I can throw a five ton elephant in weight.

And I'll leave it up to your imagination about how far I can throw a five ton elephant in weight.

A lot of AV programs often pick up Pale Moon as a false positive. This is usually because the AV has exceptions built in for the major browsers, but not for smaller (yet still legitimate) browsers like Pale Moon.

What/where are the affected files exactly?

In other words, Acronis Ransomware has detected a new unknown application which isn't in their malware database and modifies files. Acronis does not know what this process is and gives a notification about the possibility of malware, not even a "positive". The options make it your decision to block or trust.
If I enable Defense+ in Comodo it asks me almost on every installation and first-runs if I want to allow these processes.
That's one of the good parts of security programs, they often trust in our own decisions.

*edit: Just as additional info: Up to 28.2.1 Pale Moon has been checked here on different machines with Malwarebytes AM, AVG, AdwCleaner, Avira, Junkware Removal and other tools, with no suspicious results.

satrow wrote:What/where are the affected files exactly?

I don't know. I forgot to screenshot the list and I chose to have them restored. From what I can see, Acronis doesn't have an option to show me what files were restored.

This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.

Moonchild wrote:This just boils down to reading what is on your screen. You can get upset at Acronis for presenting this dialog, or you can read that it says "Possible ransomware detected", which means "We don't know what this application is but it's trying to modify files on your system; what should we do?". It's not detecting it as ransomware at all, just as "an application that we think might be ransomware" and thus deferring to you, the user, to verify that it's something you trust or not.

Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones, therefore reversing Pale Moon to its previous version?

Lucian Hodoboc wrote:Well, if I had Acronis restore the modified files, how come Pale Moon still remained updated? Shouldn't Acronis have replaced the files that were replaced during the update process with the previous ones

... No.

If you restore the modified files, it means you are acting as if acronis had not interfered.

In the case of an update, Acronis interfered and reverted the updated/changed files to their previous state (undoing the update for those files) and placing the new version files in its "quarantine". if you restore the quarantined files, i.e. the modified files, i.e. the files after update, then you are restoring the updated version.