MS Defender Detects Portable ccsetup629.zip as Trojan:Win32/Sonbokli.A!cl

Hi donb1:

I can’t be sure that ccsetup629.zip was a false positive because I submitted my false positive report to Microsoft at https://www.microsoft.com/en-us/wdsi/filesubmission on 20-Oct-2024, and the last time I checked my submission history on or around 09-Nov-2024 they still hadn’t analyzed the file (Status = Submitted).

Windows Defender MSI False Positive FP Submission ccsetup629_zip as of 29 Oct 2024

Submissions details are supposed to be retained for “up to 30 days” but when I checked my submission history today it was showing “0 of 0 entries” after only 28 days.


Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5131 * Firefox v132.0.2 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.1.144-1.0.5088 * Macrium Reflect Free v8.0.7783 * CCleaner Free Portable v6.30.11385

… and further to my previous post I just ran a manual scan today on 17-Nov-2024 of both my downloaded ccsetup630.zip files (saved in different subfolders in my C:\Users\<myusername>\Downloads folder) with MS Defender virus definition set 1.421.334.0, and both were detected as Trojan:Win32/Sonbokli.A!cl and quarantined, so the problem definitely hasn’t gone away.

I guess another file submission to https://www.microsoft.com/en-us/wdsi/filesubmission is in order.


Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5131 * Firefox v132.0.2 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.1.144-1.0.5088 * Macrium Reflect Free v8.0.7783 * CCleaner Free Portable v6.30.11385

Understood. Maybe MS is late / forgot to update the status because v6.29 portable hasn’t been quarantined for me approximately after November 17th. I still have the file.

Hi @Laurence_CCleaner :

Same old, same old. My Firefox browser throws a warning every time I try to download ccsetup631.zip (rel. 11-Dec-2024), and if I allow the download to proceed and then right-click the downloaded ZIP file to try and unzip it, it is immediately quarantined by my MS Defender antivirus as Trojan:Win32/Sonbokli.A!cl.

I’m currently on virus definition set v1.421.774.0. If I submit the downloaded ccsetup631.zip file to VirusTotal before I try to unzip it the report at https://www.virustotal.com/gui/file/b46536583aeb52000a5caef55e6a0b0dc05bfc93841bb08d59049ad919fe7ad3 shows a detection rate of only 1/63. Since VirusTotal only does a flat-file check of the SHA-256 hash to see if it’s been blacklisted as known malware I have to assume that the Trojan:Win32/Sonbokli.A!cl detection is either some sort of heuristic (behaviour-based) detection or that there’s a problem with one of the files bundled inside ccsetup631.zip.

I’m not going to bother filing a third false positive report on the Microsoft Security Intelligence Portal at https://www.microsoft.com/en-us/wdsi/filesubmission until I see some evidence that the Avast / Piriform staff is doing something more than just uploading ccsetup631.zip to VirusTotal for a SHA-256 hash check per your 29-Oct-2024 post above.


Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5247 * Firefox v133.0.3 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.3.156-1.0.5108 * Macrium Reflect Free v8.0.7783 * HDCleaner Portable 64-Bit 2.084 * CCleaner Free Portable v6.30.11385
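The post above asks whether the detection is on the archive as a whole or on one of the files bundled inside it, and notes that VirusTotal only looked at the SHA-256 of the ZIP. The script below is an added triage example (not code from this thread, from Avast / Piriform, or from Microsoft): it hashes a downloaded ZIP, compares that hash with the SHA-256 in the VirusTotal link quoted above so you know the file VirusTotal reported on is byte-for-byte the one Defender quarantined, and lists each bundled file with its own SHA-256 without extracting anything to disk (extraction is the step that triggers the quarantine in the poster's description). Each member hash can then be looked up or submitted on its own. The sample archive and the file names inside it are constructed in the script and are not the contents of ccsetup631.zip; `load_archive` is the hypothetical helper you would point at a real download.

```python
import hashlib
import io
import zipfile

# SHA-256 from the VirusTotal link quoted in the thread for the poster's ccsetup631.zip.
VT_REPORTED_SHA256 = "b46536583aeb52000a5caef55e6a0b0dc05bfc93841bb08d59049ad919fe7ad3"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of a byte string as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def triage_archive(archive_bytes: bytes) -> dict:
    """Hash the whole ZIP and every file inside it, reading members into memory only.

    Nothing is written to disk, so a file-on-write scanner does not fire the way it
    does when the archive is unpacked into a folder.
    """
    report = {"archive_sha256": sha256_hex(archive_bytes), "members": []}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            report["members"].append(
                {"name": info.filename, "size": info.file_size, "sha256": sha256_hex(data)}
            )
    return report


def matches_reference(report: dict, reference_sha256: str) -> bool:
    """True when the local archive is byte-for-byte the file the reference hash describes."""
    return report["archive_sha256"] == reference_sha256.lower()


def build_sample_archive() -> bytes:
    """Constructed stand-in for a portable-app ZIP (invented names, not the real bundle).

    Fixed timestamps keep the bytes, and therefore the hash, identical across runs.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, payload in [
            ("sample/README.txt", b"constructed sample archive\n"),
            ("sample/tool32.exe", b"MZ" + b"\x00" * 62),  # placeholder bytes, not a real PE
            ("sample/tool64.exe", b"MZ" + b"\x01" * 62),
        ]:
            info = zipfile.ZipInfo(name, date_time=(2024, 12, 11, 0, 0, 0))
            zf.writestr(info, payload, compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def load_archive(path: str) -> bytes:
    """Hypothetical helper: read a real download (e.g. a ZIP in the Downloads folder)."""
    with open(path, "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    sample = build_sample_archive()
    rep = triage_archive(sample)
    print("archive sha256:", rep["archive_sha256"])
    print("same file VirusTotal saw:", matches_reference(rep, VT_REPORTED_SHA256))
    for m in rep["members"]:
        print(f"{m['sha256']}  {m['size']:>8}  {m['name']}")
```

Run it against a real download by replacing `build_sample_archive()` with `load_archive(r"C:\Users\<myusername>\Downloads\ccsetup631.zip")`; a `False` from `matches_reference` means the VirusTotal report and the quarantined file are not the same bytes, which is worth knowing before filing another false positive report. The per-member hashes are the values to submit if the detection turns out to be on one bundled file rather than on the ZIP itself.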

Edge allowed me to download 6.31 portable but MS Defender quickly quarantined it.


I am currently playing the quarantined not quarantined game after each Security intelligence update. It usually eventually settles to not quarantined.

It’s been a week since ccsetup631.zip was posted at https://www.ccleaner.com/ccleaner/builds and my Firefox browser is still trying to block the download.

I don’t know if something has radically changed with the Portable .zip files since CCleaner v6.29 was released (e.g., if Avast / Piriform bundled some sort of spyware inside the wrapper after they introduced forced updating of versions more than one year old in v6.29), or if the majority of CCleaner Free Portable users have simply abandoned this utility since the fiasco in May 2024 when Avast / Piriform temporarily turned off the Custom Clean feature without warning (see Sectorgz’s CCleaner 6.24.11060 will not do a Custom Clean). Whatever the cause, none of this bodes well for the CCleaner brand.


Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5247 * Firefox v133.0.3 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783 * HDCleaner Portable 64-Bit 2.084 * CCleaner Free Portable v6.30.11385

It’s downloading fine on my Firefox 133.0.3 here.

I would check your Firefox security setting, if it’s been changed to ‘Strict’ then it can block things by mistake.
There is a warning on the Strict setting that it can cause issues.

Hi nukecad:

If you are referring to Settings | Privacy & Security | Browser Protection | Enhanced Tracking Protection, mine is set to Standard.

Since I live in Canada, there might be all sorts of differences between our default Firefox settings. For example, the default DNS over HTTPS (DoH) provider in Canada is CIRA Canadian Shield and I use Maximum Protection so my browser always uses a secure DNS.

Regardless, before CCleaner Free Portable v6.29 was released in Oct 2024 I was using the same browser security settings and never had a problem with previous ccsetup6xx.zip downloads, and even if my Firefox security settings are too strict that wouldn’t explain the Trojan:Win32/Sonbokli.A!cl detections by Microsoft Defender AFTER I ignore the Firefox warning and allow the file to download. I’ve also never seen this type of behaviour with any of the .zip files I download for my other 30 or so portable apps.

I guess I’ll just have to move on and find a replacement for CCleaner Free Portable.


Dell Inspiron 15 5584 * 64-bit Win 10 Pro v22H2 build 19045.5247 * Firefox v133.0.3 * Microsoft Defender v4.18.24090.11-1.1.24090.11 * Malwarebytes Premium v5.2.4.157-1.0.5116 * Macrium Reflect Free v8.0.7783 * HDCleaner Portable 64-Bit 2.084 * CCleaner Free Portable v6.30.11385

You don’t have to do that. Just wait and MS Defender Security intelligence update will eventually resolve the issue. 6.31 portable downloads and opens fine for me now.