Upcoming Changes to some Nirsoft tools (download now while available)

Martin Brinkmann
Sep 22, 2014
Updated • Aug 11, 2019

If you ask Windows professionals and experienced users about tools that they like and use a lot, chance is that Nirsoft and the programs created by Nir Sofer make that top list.

All Nirsoft programs are portable, very functional and easy to use. There are dozens of them for many different purposes like CurrPorts for a quick list of all open ports on the system. SearchMyFiles to locate files on the system or ShellExView to manage Shell extensions easily on the system.

Nirsoft has released security related tools as well, for instance some that display passwords saved in web browsers or email clients.

Downloads of Nirsoft applications or even access to the website may have been blocked in the past by security software installed on the system. I was notified about this by users here on the site who complained about that when I reviewed Nirsoft programs but cannot imagine how much emails Nir Sofer must have received about this on a weekly basis.

A blog post today sheds some light on this and how things have changed in recent time. Google started to tighten the security of the Chrome browser and things started to get worth as a consequence; Nirsoft programs and the website itself were not only blocked by some antivirus applications anymore but also by a browser that is widely in use.

To make matters worse, Mozilla is using Google's Safebrowsing information so that Firefox blocked the same pages and programs as the Chrome browser.

I assumed that the blocking was done in error but Nirsoft seems to believe that this is not the case. While all of the programs can be used for good, some can also be used for bad things such as recovering passwords on a user system without the user knowing about it if access is gained to the data.

Nir Sofer identified the command line versions of his password recovery tools as the main culprits and decided to remove the command line options from these tools.

He hopes that the removal will lead to less blocking of programs and the website itself by antivirus software which in turn may lower the chance that Google Chrome and Mozilla Firefox do the same thing.

Now, these command line tools are not gone and the current plan seems to be to move them to another website instead to avoid them having an impact on the main Nirsoft website.

It is not clear when the changes will be carried out. For now, you can still download the programs from the Nirsoft website and if you rely on them, may want to do so especially if you require the command line version of these tools. The easiest way to do that is to download the NirLauncher Package from here.

You may get an error here depending on which browser you use. Firefox refused the download for instance as you can see on the screenshot above.  If you use Firefox, you can disable Google's Safe Browsing for example and Chrome users can do the same in their browser.

Upcoming Changes to some Nirsoft tools (download now while available)
Article Name
Upcoming Changes to some Nirsoft tools (download now while available)
The command line versions of some Nirsoft applications will be removed in the near future due to them causing browsers and programs to block downloads and access to the website.
Ghacks Technology News

Tutorials & Tips

Previous Post: «
Next Post: «


  1. PW said on December 6, 2014 at 3:14 pm

    Interesting article.
    If anyone is still following this article, I just tried to get to the site today, where I have gone to it previously but not for some months.
    Now, it is blocked from that side, with the following window:

    This site has been blocked by the network administrator.
    URL: http://www.nirsoft.net/

    Block reason: Forbidden Category “Pay to Surf Sites”

    1. Aland said on September 24, 2015 at 9:41 pm

      I’m having the same problem with SonicWall bocking NIRSOFT and made a request to have it removed.
      I interpret the following response as the request being unsuccessful:

      You submitted the following rating request to SonicWALL CFS Support:
      Rate nirsoft.net as “27.Information Tech/Computers” at 2015-09-24 07:25:14.590

      The request has been reviewed and rated as: “50.Pay to Surf” at 2015-09-24 07:30:15.197

  2. chesscanoe said on September 25, 2014 at 5:38 pm

    Running Win7x64 Home and Fx 32.0.3, I had no trouble downloading the Nirlauncher Package from
    http://download2.nirsoft.net/nirsoft_package_1.19.1.zip . Extracting it caused Microsoft Security Essentials Prerelease to pop a warning message on 5 of the files. I simply closed each warning message by clicking its “X”. I later opened MSEP and allowed each of those files to be ignored by MSEP. I did not know of many of the files in Nirlauncher Package, and of those I’ve now tested, they all work very well. Thanks for the super tip.

  3. Zeus said on September 25, 2014 at 2:48 am

    Thanks for the advice! I have 8GB of RAM, and 64-bit browsing is something I always wanted to try, so I installed Pale Moon 64 and ported over my Firefox profile without any problem.

    As for plugins, the only ones I wanted were Flash and Silverlight (for Hulu/Netflix/YouTube), and both 64 versions seem to be working perfectly! :)

    I’m using a Firefox Persona called “Firefox Carbon” and overall it looks really nice. Plus, this feels more like a web browser to me, and less like… whatever Firefox is in the process of slowly becoming. ;)

  4. BKV said on September 24, 2014 at 11:43 pm

    64-bit of Pale Moon. I’m on using it on 2 of my systems, and I’m pleased with it.
    Haven’t used actual Firefox in a long time.

  5. Zeus said on September 24, 2014 at 10:14 pm

    Honestly, guys, I think this might be the straw that broke the camel’s back.

    I think I might finally switch over to Pale Moon.

    Does anyone recommend the 32 or 64-bit version of Pale Moon? I’m on Win 7 64-bit Pro.

    1. Peter CM said on September 25, 2014 at 2:35 am

      When I started using Pale Moon as my default browser, I switched from 64-bit Pale Moon to 32-bit Pale Moon because there are still a lot of plug-ins that aren’t offered in 64-bit versions and because I have only 4GB of RAM. I haven’t noticed a big difference between the two, although some people say that 64-bit Pale Moon runs a bit more slowly. I also got the distinct impression that 64-bit Pale Moon used somewhat more baseline RAM than 32-bit does. I’d say if you’ve got ≤4GB of RAM, go with 32-bit Pale Moon, and if you’ve got >4GB and have memory-hogging extensions installed (like AdBlock Plus) and/or tend to run sessions with large numbers of tabs (≥ … 90? 100?), go with 64-bit unless there are some unsupported plug-ins you can’t live without.

      By the way, take a look at Pale Moon’s instructions for replicating your Firefox profile in Pale Moon. They’re pretty straightforward. Good luck!

  6. Leandro said on September 23, 2014 at 6:44 pm

    Good for me I’m an advanced user and do not use any firewall (execpt windows’) nor antivirus.
    Hail to the freedom and cpu usage = 0%!
    Now, Nirsoft could make all it’s tools available for download via torrent. Besides packing them executables with UPX and/or changing it’s .exe signature/header may prevent these antivirus from sniffin them.

  7. hum said on September 23, 2014 at 5:37 pm

    NirLauncher is already lacking some proper versions of the password-recovery-tools, i.e. all programs modified on September 17th.

    EDIT: Last version before the change:


  8. CoolCatBad said on September 23, 2014 at 1:37 pm

    “password recovery tools”, that is what triggers the malware alerts, Magical Jelly Bean Keyfinder does the same.

    Nir Sofer is one righteous coder, I think he should sue for Defamation.

  9. G446 said on September 23, 2014 at 1:37 pm

    WSCC (which file size on download is smaller than that of NirLauncher Package) is usually updated days after the latest release version of NirLauncher Package. The latter package’s latest version has a perfect detection ratio from VirusTotal.

    @Peter CM Pale Moon has no support for Google SafeBrowsing. It is recommended for now to download NirSoft’s programs from browsers that has Google SafeBrowsing disabled, and via download managers.

  10. Uhtred said on September 23, 2014 at 11:08 am

    firefox 30.0.2 downloaded fine
    but Malwarebytes Anti-Malware doesn’t like the password thing
    Malware Database: v2014.09.23.03
    Rootkit Database: v2014.09.19.01
    Files: 1
    PUP.Nirsoft.AsteriskPasswords, C:\Users\…\Downloads\nirsoft_package_1.18.76.zip, Quarantined, [a966b23f522963d37abaa36fd23357a9],

  11. Peter CM said on September 23, 2014 at 3:05 am

    The latest version of Pale Moon (a Firefox fork) downloaded NirSoft Launcher, GEGeek Tech Toolkit, and WSCC (Windows System Control Center) without a hiccup. Of course, there’s probably no reason for WSCC to get blocked, but I thought I might as well mention it. (This is off-topic, but I’ve had so many fewer problems with Pale Moon than with Firefox since Firefox v. 29 came out that I switched to Pale Moon as my default browser. I guess this download-screening business will soon be one more case in point.)

    If memory serves, either Sophos and/or AVG used to consistently quarantine a couple of Sysinternals utilities as malware. (I’m pretty sure one of them was pskill.exe; I don’t remember the other.) I’ve never had that problem with Avast.

    1. Peter CM said on September 24, 2014 at 8:41 am

      You know what? I spoke too soon with respect to Avast. I attempted to download and “install” all of the NirSoft utilities using WSCC, and Avast balked at allowing two of NirSoft’s password-recovery utilities. One of them I was able to download by entering a path exception in Avast, but the utility that allows you to recover passwords for Internet Explorer, Outlook, and MSN (?) Explorer remained a no-go. Because I don’t use any of those programs (except for IE on rare occasions), I wasn’t motivated to press on for a solution.

      By the way, I now recall that the other Sysinternals utility that Sophos and/or AVG used to quarantine in addition to pskill.exe was psexec.exe.

    2. Anonymous said on September 24, 2014 at 5:42 am

      Count me in as a fan of Pale Moon. Firefox would not even let me download iTunes today. I had to use IE (uhh!).

  12. Armond said on September 22, 2014 at 9:12 pm

    Here, I have no problem downloading the ZIP file with Firefox, even if I delete my user profile and reset all settings. So maybe it is no longer blocked by Google? Both checkboxes are checked in the Security tab in the Advance settings. Thanks.

    1. Martin Brinkmann said on September 22, 2014 at 10:59 pm

      Maybe it is, or it is a new version that has been uploaded. Don’t really know.

  13. Jojo said on September 22, 2014 at 8:15 pm

    Comodo AV typically flags some of his tools. I have to add them to the exclusions.

  14. city_zen said on September 22, 2014 at 6:00 pm

    A good alternative to the NirLauncher Package is the Windows System Control Center (http://www.kls-soft.com/wscc/), which is also a free launcher program that integrates not only all of NirSoft’s tools but also all of Sysinternals utilities. Worth checking out.

  15. ilev said on September 22, 2014 at 5:36 pm

    With Chrome you can force the blocked download by opening the download folder and forcing download.

    1. Martin Brinkmann said on September 22, 2014 at 6:03 pm

      Right, good point Ilev!

  16. jasray said on September 22, 2014 at 5:06 pm

    May be a good time to download the 7.3 version of GE Geek Tech Toolkit:


  17. Joe said on September 22, 2014 at 4:54 pm

    Even Macintosh anti-virus software sees it as a threat:


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.