Bypass Firefox's Blocked: May contain a virus or spyware message
Google Safe Browsing maintains a list of files, sites and pages that the company has flagged as malicious. The product has been in use in the company's own Chrome browser for some time and recently implemented in the Firefox web browser as well.
Firefox handles the checks different than Chrome. Instead of communicating directly with a Google server whenever a user of the browser attempts to access pages or download files, it is checking a local copy of the blocklist first and will contact the server only if a match is found.
This is done to verify the claim and make sure that the file or site is still on the Safe Browsing list.
The big issue with Safe Browsing is that you can run into false positives easily. One developer who is plagued by this a lot is Nir Sofer.
When I tried to download Facebook Cache Viewer earlier today for example I received the message in Firefox that it was blocked.
Blocked: May contain a virus or spyware
A similar message is displayed in Google Chrome (xyz is malicious, and Chrome has blocked it).
While Chrome offers an option to download the file anyway on chrome://downloads/, Firefox does not offer options to recover the file.
Note that Firefox scans files only on Windows and not in other operating systems it is compatible with.
Here is a short list of options to download blocked files in Firefox
- Use a different browser that does not rely on Google's Safe Browsing technology. Internet Explorer or Opera come to mind, and even Chrome works as you can recover file downloads.
- Disable Safe Browsing in Firefox. This can be done in the preferences as described here. It is alternatively possible to set the preferences browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled to false on the about:config page.
- Use a download manager to download files instead of Firefox directly. A good free program is Free Download Manager.
It is unclear why there is no option to override or bypass flagged downloads to download files anyway even if they are flagged by the browser similar to how Google Chrome handles that.
There is a bug report for that but it has not received a response yet.
Now You: How do you handle blocked downloads in Firefox`?
Please send me an email using the Contact page on this site so that I can verify that you are the owner of the address. I enable the newsletter for the address manually then. Sorry for the inconvenience!
Note: in trying to subscribe to your newsletter, i get to a small window which says “we just have to make sure you’re a person” – a blank space below that and then a “subscribe” button. No captcha appears. what to do?
I noticed this function for the first time today. Obviously, you can unblock those blocked downloads,
by simply opening the Download window, right clicking on the file in question and selecting unblock.
So it’s not a big deal – at least in my version of Firefox (version 45 on Linux). What concerns me more
is the privacy issue. So each time find finds some suspicious file (false positive or not) it checks
Google’s servers if the file is still one the Safe Browsing list? Really? That means it’s basically
telling Google what I’m downloading, even though I’d never install Chrome, never use the Google
search engine and use Firefox in privacy mode all the time, because I’m concerned about my privacy.
I’ll better turn off “Safe” browsing. Thanks for the article.
thank you for info how to disable this annoying blocking feature.
I have had 4 pdfs and one executable file (totally legitimate) blocked. The fact that you cannot unblock them is so frustrating. I disabled the safe list temporarily to see but this remains a feature which should be implemented differently (at least include a button to bypass)
NO LIFETIME for shitty browsers !
encountered my first “blocked download”, notified within last second or so.
so sadly seems no change/update yet made for 36.0.4
The Mozilla bug report; https://bugzilla.mozilla.org/show_bug.cgi?id=1066133
was closed as a duplicate. It is now;
https://bugzilla.mozilla.org/show_bug.cgi?id=1068656
Bug 1068656 – Implement new Downloads Panel item state for items that can be unblocked
Thanks Fred, I have changed the link to reflect that.
Two words.
Firefox Uninstalled
Yep Firefox 36 on Linux just blocked a file after I spent an downloading it. Maddening that it does this AFTER I waste so much bandwidth downloading it, AND with no option of overriding. Turning off this piece of crap safe browsing ASAP.
yes, it’s just a piece of sh*t!!!!
Firefox 36 on Linux just did this to me. Download a file for 2 hours then deny me access to it with this idiotic message. Totally unacceptable.
I hope the legitimate companies whose software was blocked sue Google and Firefox for this collusion and clear antitrust violation that they have taken for no other reason than to stifle competition and enrich themselves. I don’t know who is running Mozilla right now but every action and update they have made these last couple of years has been worse than the one before it. It is almost like they are intentionally trying to destroy what was once a wonderful product; that or they are seeing how far they can push the average user before they come to their senses and start to complain or change products.
I think that this and the whole forcing upgrades of Adobe Flash is just to earn them money and are clear infringements of antitrust laws. I would uninstall Firefox (and Chrome) before they start selling your browsing history to advertisers (if they don’t already). This company has no morals anymore and shouldn’t be trusted; I fear there will likely come a point where they will try to cash out and simply sell everyones credit card and other personal information to hackers.
What a crap! Blocks PDFForge which is open source.
WTF blacklisted PDFCreator ?!?
Inactivated this shit, a good reason to go back to IE, inactivated this shit!!!
“Google Safe Browsing … has been in use in the company’s own Chrome browser for some time and recently implemented in the Firefox web browser as well.”
The Google Safe Browsing feature has been in Firefox for years; only the malicious file list is new.
I, too, have both turned off. Waste of bandwidth. I’m careful not to download from shady web sites, careful about clicking on links in e-mail, etc. Haven’t had a virus alert in twenty years. Probably should get rid of my anti-virus software as well.
Same here. People who read your blog don’t use Safe Browsing ;)
Here I’ve always had browser.safebrowsing.enabled and browser.safebrowsing.malware.enabled set to false.
I wouldn’t advise these settings for a user who is starting to discover the Web and is not equipped with system-wide security or at least Firefox security tools.
Concerning Nir Sofer (aka NirSoft) applications, this comedy has been lasting for years. Everyone knows, the planet knows NirSoft applications are healthy, pertinent, safe. Why the heck does it take so long for Google to acknowledge is beyond my understanding.
Last but not least, theses above settings when set to true (default) also slow down the rendering, even if slightly. With a good security infrastructure just set them to off is my advice.
Tempted–“Last but not least, theses above settings . . . ”
Hmmm . . . how about proofing your own writing first and let Martin proof his writing.
Come on, don’t be childish :) I hope, I even believe having been understood, even by you!
The point here is not to apply for a job in the latest East coast gazette!
Are you snob or plainly an upstart crow?! And remember that English is not the mother-tongue of all. Remember or figure it out.
I never use Safe Browsing, it is totally crap, slow down my browser, I just use AdBlock software like Privoxy to filter harmful javascript function and force them ask before execute and I never get any virus even I never use antivirus too.
You don’t install antivirus software? Then you’re a fool. Viruses don’t just come in through unsafe browsing, there are flaws in Windows (and other operating systems too – remember the Java flaw that was exploited in Mac OS X?) that allow malicious software into the system.
I once maintained a Windows 2000 Server installation (state of the art at the time!) that was used only for serving files and printers, never used to surf the Web; it had no antivirus because there was no budget to pay for server-grade antivirus (blame management, not me!) It wound up with bogus user accounts, MIRC bots, and probably was used to send spam – even though I was the only user, and I only used it once a month to burn backup DVDs.
Despite what Symantec is saying, antivirus is essential, and the need for it won’t go away. Windows Defender and Microsoft Security Essentials are only a stopgap for fools that don’t think they need “full” antivirus – even Microsoft says so.
Drop the tinfoil hat, the NSA is not sending viruses. You certainly did something stupid to get that virus.
I stopped using anti-viruses for 6 years now. Never got another virus ever since, except for one time I had to open someone’s pendrive, nothing malwarebytes couldn’t solve.
Main key to not get a virus: Download your porn and games from trust-able sources.