I'm using 10.0.1.
An update of one of my portable apps tripped one of our IDS signatures. The signature triggers on a user-agent string known to be used by various malware.
SRC: GET /project/portableapps/Google%20Chrome%20Portable/Additional%20Versions/GoogleChromePortable_17.0.963.46_online.paf.exe HTTP/1.1
SRC: User-Agent: NSIS_Inetc (Mozilla)
SRC: Host: downloads.sourceforge.net
SRC: Pragma: no-cache
SRC: X-Forwarded-For:
SRC: Connection: Keep-Alive
Link to the IDS rule:
http://doc.emergingthreats.net/2011227
My advice would be to change the portable app update tool and have it provide it's own User-Agent string.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
That's the standard NSIS downloading plugin used by virtually all NSIS online installers. That's like blocking a message box that yells out "Hello World!"
Sure, viruses can download stuff and upload tracking information, but that can be done with any language as well. I really don't think NSIS_Inetc should be blocked.
A different useragent is used in 10.1 that should alleviate this issue in most strict corporate environments.
Sometimes, the impossible can become possible, if you're awesome!