Re: Email sent
Thanks Patrick.
I've sent prikryl an email and I'll document what we find, if anything, in this thread.
So can you try to download the installer again, from another mirror, and try to reinstall it, to see if the problem repeats?
Regardless, it seems like more people than just me are experiencing this weird registry issue. Would it be possible for you to test and try to confirm, or would you need a copy of McAfee? I don't really have any reason to believe that WinSCP's source code itself is compromised, but if you're still using OpenCandy in the installer, might there not be a possible connection there? I'm not too familiar with OpenCandy - do they give you a binary library or do you have access to their source code so you can truly verify that their software contains no malware - aside, of course, from the junk they're openly hawking in your installer ;)
4.2.9 has been out for a few weeks already and I do not have any other such report. Where did you download the WinSCP installer from?
Regarding the alleged hacking of the winscp.net site: It was the version history page (not the download page), which is part of the wiki-based documentation of WinSCP. As with any wiki, such as Wikipedia, some people find it funny to post nonsense there. This can hardly be called hacking.
I just installed the latest stable version (at the time of this post, 4.2.9) and during the install, McAfee alerted me to some blocked actions. I checked the log, and if I read this correctly, it would appear that the installer was trying to modify McAfee's registry keys. Am I reading this correctly? If so, this is highly suspect. What's more troubling is the fact that when I received the notification to upgrade a few weeks ago, I went to the download page, and the download page had apparently been hacked. I created a ticket and it was quickly resolved (https://winscp.net/forum/viewtopic.php?t=9215&highlight=hacked). I'm seriously concerned that WinSCP, the website, software, or both, have been compromised as both are highly desirable targets. I hope I'm just being paranoid, but I think it's worth looking into.
12/30/2010 9:24:13 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:14 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\Alerts Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\DefaultTask Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\McTray Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\McTray\Plugins Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Alert Client Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Detect Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Email Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\McPAL Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\MCVSSNMP Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\NVP Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Script Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\Alerts Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\DefaultTask Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection\Tasks Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\McTray Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\McTray\Plugins Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Alert Client Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Detect Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Email Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\McPAL Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\MCVSSNMP Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\NVP Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\On Access Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:19 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Script Scanner Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:19 AM Blocked by Access Protection rule <machine name redacted> C:\Users\<user name redacted>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
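A triage sketch for the Access Protection log posted above, added here as an example and not part of the original thread or of WinSCP. It assumes the single-line layout and the "Common Standard Protection:" rule prefix seen in the post; the sample lines and the `triage` function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the posted log (host/user are placeholders).
SAMPLE = r"""
12/30/2010 9:24:13 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:15 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Alert Client Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:16 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
12/30/2010 9:24:17 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\DesktopProtection Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:18 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\McAfee\VSCore\Alert Client Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Write
12/30/2010 9:24:19 AM Blocked by Access Protection rule <host> C:\Users\<user>\AppData\Local\Temp\is-F70UF.tmp\winscp429setup.tmp \REGISTRY\MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator Common Standard Protection:Prevent modification of McAfee Common Management Agent files and settings Action blocked : Write
"""

# Paths and key names contain spaces, so each field is delimited by the
# literal text that starts the next one rather than by whitespace.
LINE = re.compile(
    r"^(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) Blocked by Access Protection rule "
    r"(?P<host><[^>]*>|\S+) (?P<proc>[A-Za-z]:\\.*?) (?P<target>\\REGISTRY\\.*?) "
    r"(?P<rule>Common Standard Protection:.*?) Action blocked : (?P<action>\w+)$")

def triage(log_text):
    """Collapse repeated block events into one record per (process, rule)."""
    groups = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an Access Protection registry block line
        g = groups.setdefault((m["proc"], m["rule"]), Counter())
        g[m["target"]] += 1
    report = []
    for (proc, rule), keys in groups.items():
        report.append({
            "process": proc.rsplit("\\", 1)[-1],
            # True when the blocked process ran from a per-user temp directory
            "from_temp": "\\appdata\\local\\temp\\" in proc.lower(),
            "rule": rule,
            "events": sum(keys.values()),
            "distinct_keys": len(keys),
            # how many times the most-repeated key was attempted
            "passes": max(keys.values()),
        })
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Run against the full log from the post, the same grouping shows how many distinct keys were touched and how often each was retried, which is easier to compare across machines than the raw lines.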