Topic "Anti-virus detects suspicious file on WinSCP 5.1 upgrade"

Author Message
nmoore1978

Guest


I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Windows\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.
abclab

Guest


Yes, I experienced the same issue as well. Sophos detected the file in C:\Windows\is-1JK1B.exe

nmoore1978 wrote:
I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Windows\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.
martin
Site Admin
Joined: 2002-12-10
Posts: 25015
Location: Prague, Czechia
Looks like a false positive. No reports from other AV.

Please refer here:
https://www.sophos.com/en-us/threat-center/threat-analyses/suspicious-behavior-and-files/HIPS~RegMod-014.aspx
To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Can you please submit the WinSCP installer for analysis, as suggested, so that they can fix this false positive?