
Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-01-08 01:36
by Grok
Hello - My Sophos antivirus is hitting the recent update from FileZilla and removing this file...

Ref: C:\Windows\Temp\03d5ca3d-5146-11eb-9f32-24ee9a35253b\target.exe

Re: Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-01-08 09:12
by botg
False-positive. Don't tell us, tell Sophos.

Re: Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-01-25 19:37
by JoesCat
It looks like Grok was just trying to alert others of possible malware, which is the reason I'm here today and found this thread.

I see you're an Admin and have probably dealt with a plethora of posts covering the gamut of potential irritations. It was Grok's first post - maybe consider cutting some slack?
Your call whether my post should start a new thread.
Are you SURE it's a false-positive? I cannot determine if Grok's flagged file is the same as the one I've downloaded today.

On to why I'm here. Perhaps this should be in a new thread: I downloaded the latest FileZilla client (free version) from the official FileZilla site. "FileZilla_3.52.2_win64_sponsored-setup.exe". I was led to the site via a FileZilla client prompt to update to the latest version.
Upon running the .exe, Malwarebytes quarantined it as "Adware.FusionCore". Before you tell me to tell Malwarebytes, and not mention it here, VirusTotal (www.virustotal.com) reports 26 malware engines also detected it as containing malware! THAT is a problem! Screenshot attached.
Interestingly, Sophos was not on the list of engines flagging it. A different download Grok had, or he/she simply got further into the install before "target.exe" was flagged? Or, I have a different installer downloaded and that too is popping malware programs? Neither is great news - let's not shoot-the-messenger before knowing what's really going on.

Re: Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-01-26 12:38
by botg
It's common practice for AV vendors to copy each other's signatures.

There is nothing wrong with the installer; it doesn't do anything the user doesn't want it to do.

Re: Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-02-15 16:14
by elizabeth
Currently Carbon Black and Symantec detect the latest version as malware and block the installation. How do we check that it is a clean file?

Re: Sophos Detecting FileZilla Update as a PUA.

Posted: 2021-02-16 08:24
by botg
Easy: if they claim it is malware, ask them for details, what the exact mechanism of harm is. If it truly were malware, they can give you an answer in excruciating detail. If they won't give a detailed answer, they are merely crying wolf.