Hi Guys
Recently I installed Portableapps.exe to my pen drive which I use at work. It's very useful for my job as the apps it allows me to run don't leave any mark on the local registry or HD. However, recently IT's anti-virus marked the base .exe file as a possible threat. This is of course a false positive, however it could cause issues for anyone else using this in a business environment.
Threat detected: Suspicious Behaviour: HIPS/RemFileMod-002
I have a picture sent from IT, but can't upload at work so I'll have to do this later.
Could anyone please enlighten me as to why our anti-virus would pick up a false positive from this program?
I know the Platform allows you to rename the drive. The drive name is stored in the autorun file.
Previously known as kAlug.
One of the methods anti-virus software utilizes in its scanning is to "dissect" executables in order to find out what "functions" it's running.
Many of our launcher executables (ex: FirefoxPortable.exe) manipulate registry entries, redirect environment variables, and perform many other actions required to move personal data. Overall, the intention is good, but each function looked at individually represents an action a virus would typically execute.
As even high-end Anti-Virus can't efficiently manage a large database of known viruses, they often resort to this tactic in order to help identify new ones.
That explains why our base exes come up in your scanner, but I'm afraid there isn't a very good solution other than reporting the file as a false positive and keeping your virus definitions/database up to date.
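To make the explanation above concrete, here is a small added example (my own illustration, not code from PortableApps.com or from any anti-virus vendor) of how a behaviour-based (HIPS-style) heuristic ends up flagging a portable launcher. The engine does not match a known-virus signature; it weights each observed action, adds them up, and raises an alert when the total crosses a threshold. The rule names, weights, threshold, process names and file paths are all constructed for the example, as is the allowlist-by-hash step that an administrator would use once a detection has been confirmed as a false positive.

```python
# Added example: toy behaviour-scoring heuristic, not any real product's logic.
import hashlib
from dataclasses import dataclass

# Constructed rule table: action name -> suspicion weight (hypothetical values).
RULES = {
    "write_autorun_inf_on_removable": 40,  # rewriting autorun.inf on a pen drive
    "modify_registry_value": 20,           # moving settings between registry and drive
    "redirect_env_var": 10,                # e.g. pointing APPDATA at the portable profile
    "write_user_profile_file": 5,          # ordinary document/profile writes
}
THRESHOLD = 50  # constructed alert threshold


@dataclass(frozen=True)
class ActionEvent:
    """One observed action, as a behaviour monitor might record it."""
    process: str
    action: str
    target: str


def sha256_hex(data: bytes) -> str:
    """Hash of the executable image; allowlists are keyed on this, not on the name."""
    return hashlib.sha256(data).hexdigest()


def score_events(events):
    """Sum rule weights over the observed actions; return (score, matched rules)."""
    score = 0
    hits = []
    for ev in events:
        weight = RULES.get(ev.action, 0)
        if weight:
            score += weight
            hits.append(f"{ev.action} -> {ev.target}")
    return score, hits


def classify(image_bytes: bytes, events, allowlist):
    """Return ('allowed' | 'suspicious' | 'clean', score, hits) for one process.

    allowlist: set of SHA-256 hex digests of binaries an administrator has vetted
    after confirming that an earlier detection was a false positive.
    """
    digest = sha256_hex(image_bytes)
    score, hits = score_events(events)
    if digest in allowlist:
        return "allowed", score, hits
    if score >= THRESHOLD:
        return "suspicious", score, hits
    return "clean", score, hits


# Constructed sample data standing in for a portable launcher and a plain editor.
LAUNCHER_IMAGE = b"constructed-launcher-image-bytes"
EDITOR_IMAGE = b"constructed-editor-image-bytes"

LAUNCHER_EVENTS = [
    ActionEvent("PortableLauncher.exe", "write_autorun_inf_on_removable", "E:\\autorun.inf"),
    ActionEvent("PortableLauncher.exe", "modify_registry_value", "HKCU\\Software\\ExampleApp"),
    ActionEvent("PortableLauncher.exe", "redirect_env_var", "APPDATA"),
]
EDITOR_EVENTS = [
    ActionEvent("Editor.exe", "write_user_profile_file", "C:\\Users\\me\\notes.txt"),
]


def demo():
    """Three cases: unvetted launcher, the same launcher once allowlisted, ordinary editor."""
    no_allowlist = set()
    vetted = {sha256_hex(LAUNCHER_IMAGE)}
    return {
        "launcher_unvetted": classify(LAUNCHER_IMAGE, LAUNCHER_EVENTS, no_allowlist)[0],
        "launcher_vetted": classify(LAUNCHER_IMAGE, LAUNCHER_EVENTS, vetted)[0],
        "editor": classify(EDITOR_IMAGE, EDITOR_EVENTS, no_allowlist)[0],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The launcher scores 40 + 20 + 10 = 70, which is over the threshold, so it is reported as suspicious even though each action is legitimate for what it does; the editor's single profile write scores 5 and passes. Allowlisting by hash rather than by file name is the important detail: once IT has confirmed the false positive, only that exact build of the launcher is exempted, and a different binary dropped under the same name is still scored.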
Read my post above. The problem (this time) is that the Platform (= base exe) writes to the autorun file.
Previously known as kAlug.