Anti-virus detects supsicious file on WinSCP 5.1 upgrade

Advertisement

nmoore1978
Guest

Anti-virus detects supsicious file on WinSCP 5.1 upgrade

I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Winodws\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.

Reply with quote

abclab
Guest

Re: Anti-virus detects supsicious file on WinSCP 5.1 upgrade

Yes, I experienced the same issue as well. Sophos detected the fole in C:\Windows\is-1JK1B.exe

nmoore1978 wrote:

I have upgraded two computers from 4.x to 5.1. Both computers' endpoint security detected an EXE file in the Windows directory following the WinSCP upgrade as suspicious and quarantined the files. The files have different names on the computers.

C:\Windows\is-BFNG4.exe
C:\Winodws\is-OM2NS.exe

Sophos is showing HIPS/RegMod-014 as the reason for the suspicion.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,253
Location:
Prague, Czechia

Re: Anti-virus detects supsicious file on WinSCP 5.1 upgrade

Looks like a false possitive. No reports from other AV.

Please refer here:
https://www.sophos.com/en-us/threat-center/threat-analyses/suspicious-behavior-and-files/HIPS~RegMod-014.aspx
To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Can you please submit WinSCP installer for analysis, as suggested, so that they can fix this false possitive?

Reply with quote

Advertisement

You can post new topics in this forum