Sophos Detecting FileZilla Update as a PUA.

Need help with FileZilla Client? Something does not work as expected? In this forum you may find an answer.

Moderator: Project members

Post Reply
Message
Author
Grok
500 Command not understood
Posts: 1
Joined: 2021-01-08 01:04
First name: Scott
Last name: Dunn

Sophos Detecting FileZilla Update as a PUA.

#1 Post by Grok » 2021-01-08 01:36

Hello - My Sophos antivirus is hitting the recent update from FileZilla and removing this file...

Ref: C:\Windows\Temp\03d5ca3d-5146-11eb-9f32-24ee9a35253b\target.exe

User avatar
botg
Site Admin
Posts: 33357
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Sophos Detecting FileZilla Update as a PUA.

#2 Post by botg » 2021-01-08 09:12

False-positive. Don't tell us, tell Sophos.

JoesCat
500 Command not understood
Posts: 1
Joined: 2021-01-25 17:13
First name: Joe

Re: Sophos Detecting FileZilla Update as a PUA.

#3 Post by JoesCat » 2021-01-25 19:37

It looks like Grok was just trying to alert others of possible malware. The reason I'm here today and found this thread.


I see you're an Admin and have probably dealt with a plethora of posts covering the gamut of potential irritations. It was Grok's first post - maybe consider cutting some slack?
Your call whether my post should start a new thread.
Are you SURE it's a false-positive? I cannot determine if Grok's flagged file is the same as the one I've downloaded today.

On to why I'm here. Perhaps this should be in a new thread: I downloaded the latest FileZilla client (free version) from the official FileZilla site. "FileZilla_3.52.2_win64_sponsored-setup.exe". I was led to the site via a FileZilla client prompt to update to the latest version.
Upon running the .exe, Malwarebytes quarantined it as "Adware.FusionCore". Before you tell me to tell Malwarebytes, and not mention it here, VirusTotal (www.virustotal.com) reports 26 malware engines also detected it as containing malware! THAT is a problem! Screenshot attached.
Interestingly, Sophos was not on the list of engines flagging it. A different download Grok had, or he/she simply got further into the install before "target.exe" was flagged? Or, I have a different installer downloaded and that too is popping malware programs? Neither is great news - let's not shoot-the-messenger before knowing what's really going on.
Attachments
2021-01-25_124049.jpg
2021-01-25_124049.jpg (403.72 KiB) Viewed 652 times

User avatar
botg
Site Admin
Posts: 33357
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Sophos Detecting FileZilla Update as a PUA.

#4 Post by botg » 2021-01-26 12:38

Common practice for AV vendors copy each others signatures.

There is nothing wrong with the installer, it doesn't do anything the user doesn't want it to do.

elizabeth
500 Command not understood
Posts: 1
Joined: 2021-02-15 16:07
First name: elizabeth
Last name: gonzalez

Re: Sophos Detecting FileZilla Update as a PUA.

#5 Post by elizabeth » 2021-02-15 16:14

Currently carbon black and symantec detect the latest version as malware and block the installation. how do we check that it is a clean file

User avatar
botg
Site Admin
Posts: 33357
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse
Contact:

Re: Sophos Detecting FileZilla Update as a PUA.

#6 Post by botg » 2021-02-16 08:24

Easy, if they claim it is malware, ask them for details, what the exact mechanism of harm is. If it truly were malware, they can give you an answer in excruciating details. If they won't give a detailed answer, they are merely crying wolf.

Post Reply