Label Updater so Windows RansomWare knows what it is. #6042
Comments
cc: @Brave-Matt Do you see any more reports on this, being flagged/blocked by Windows Ransomware? I'd think we'd see more reports.
I can't imagine you would see too many more, as Ransomware Protection isn't super popular or on by default. Then pairing it with the inability of Windows to say who the vendor of a piece of software belongs to. All they get is setup.exe with no further info. Digging deeper into things was the only reason I found it.
Not sure what specifically causes Windows Defender to identify the exe as ransomware, but getting an EV signing cert may help with Windows Defender in general (https://blogs.msdn.microsoft.com/ie/2012/08/14/microsoft-smartscreen-extended-validation-ev-code-signing-certificates/)
Windows Defender is not identifying it as ransomware. It is blocking access to it, as it is trying to access folders it does not have privileges to access. In this case %common_desktop%, from application setup.exe, as it is a controlled folder. What Ransomware Protection does when enabled is lock down key locations where users store their files, such as the Desktop, My Documents, and other key areas. It also protects certain memory addresses and system files. Thus ransomware cannot encrypt your data without you giving it access by selecting Allow on device. Since Brave's updater is named setup.exe and is accessing %common_desktop%, it is blocking it by default, as intended by default settings. Every time the application changes, it will alert the user that it has been blocked, and they can allow access if they trust it. And again, since it is named setup.exe, little to no one will accept it blindly. Thus the resolution is to change setup.exe to BraveSetup.exe or similar, so it can be identified by the user when it triggers an alert from Ransomware Protection. It would be an extremely easy fix.
Description
When Brave attempts to update it runs an exe called setup.exe. This program is generically named and flagged by Windows Ransomware protection. It simply sees it as Setup.exe with no further information. Searching for the file and seeing it has the same time stamp as the alert finally made me realize it was Brave trying to update, though I had it blocked via Ransomware protection.
Steps to Reproduce
Expected result:
To show BraveSetup.exe or something to say it's not some generic virus trying to be installed. I blocked it for 4 months till I finally decided to check it out.
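One way to work out which program is behind a generic `setup.exe` block before allowing it, as an added example that is not part of the original thread or the Brave project: it lists recent Controlled Folder Access blocks and shows the full path and Authenticode signer of each blocked executable. It assumes the blocks are logged as event ID 1123 in the Defender operational log and that the event data fields are named `Process Name` and `Path`; the path in the final comment is a placeholder.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.

# 1. Is Controlled Folder Access active? 0 = off, 1 = block, 2 = audit only.
$mode = (Get-MpPreference).EnableControlledFolderAccess
Write-Output "Controlled Folder Access mode: $mode"

# 2. Pull recent block events from the Defender operational log.
#    Assumption: event ID 1123 records a blocked controlled-folder access.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 50 -ErrorAction SilentlyContinue

# 3. For each block, resolve the executable and read its signature, so a bare
#    "setup.exe" can be tied to a location on disk and a signing vendor.
$report = foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # Assumption: field names 'Process Name' and 'Path' as seen in the event.
    $exe = $data['Process Name']
    $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
        Get-AuthenticodeSignature -LiteralPath $exe
    }
    [pscustomobject]@{
        Time            = $e.TimeCreated
        Process         = $exe
        ProtectedTarget = $data['Path']
        SignatureStatus = $sig.Status                      # 'Valid' if intact and trusted
        Signer          = $sig.SignerCertificate.Subject   # empty if unsigned or file gone
    }
}
$report | Sort-Object Time | Format-List

# 4. Only after the signer and location check out, allow that exact binary.
#    Placeholder path: substitute the Process value reported above.
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\path\to\setup.exe'
```

Installer-style binaries are often deleted after they run, in which case the signer columns come back empty and the event time plus path are what is left to correlate against.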