You are here

[Fixed] Portable Apps Update process needs a different User-Agent

3 posts / 0 new
Last post
wally3514
Offline
Last seen: 10 years 7 months ago
Joined: 2012-02-10 13:00
[Fixed] Portable Apps Update process needs a different User-Agent

I'm using 10.0.1.

An update of one of my portable apps tripped one of our IDS signatures. The signature triggers on a user-agent string known to be used by various malware.

SRC: GET /project/portableapps/Google%20Chrome%20Portable/Additional%20Versions/GoogleChromePortable_17.0.963.46_online.paf.exe HTTP/1.1
SRC: User-Agent: NSIS_Inetc (Mozilla)
SRC: Host: downloads.sourceforge.net
SRC: Pragma: no-cache
SRC: X-Forwarded-For:
SRC: Connection: Keep-Alive

Link to the IDS rule:
http://doc.emergingthreats.net/2011227

My advice would be to change the portable app update tool and have it provide it's own User-Agent string.

Pyromaniac
Pyromaniac's picture
Offline
Last seen: 7 years 5 months ago
Developer
Joined: 2008-09-30 19:18
Really?

That's the standard NSIS downloading plugin used by virtually all NSIS online installers. That's like blocking a message box that yells out "Hello World!" Pardon

Sure, viruses can download stuff and upload tracking information, but that can be done with any language as well. I really don't think NSIS_Inetc should be blocked.

John T. Haller
John T. Haller's picture
Online
Last seen: 22 min 50 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Fixed in 10.1

A different useragent is used in 10.1 that should alleviate this issue in most strict corporate environments.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments