martin

Re: Anti-virus detects suspicious file on WinSCP 5.1 upgrade

Looks like a false positive. No reports from other AV.

Please refer here:
https://www.sophos.com/en-us/threat-center/threat-analyses/suspicious-behavior-and-files/HIPS~RegMod-014.aspx
To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Can you please submit the WinSCP installer for analysis, as suggested, so that they can fix this false positive?

abclab

Re: Anti-virus detects suspicious file on WinSCP 5.1 upgrade

Yes, I experienced the same issue as well. Sophos detected the file in C:\Windows\is-1JK1B.exe

nmoore1978 wrote:

I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Windows\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.

nmoore1978

Anti-virus detects suspicious file on WinSCP 5.1 upgrade

I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Windows\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.