CB Defense: Why is Filezilla installer seen as malware?
search cancel

CB Defense: Why is Filezilla installer seen as malware?

book

Article ID: 288695

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Why is Filezilla installer seen as malware?

Environment

  • CB Defense Sensor: All Supported Versions
  • Microsoft Windows: Supported Versions
  • Filezilla FTP Server: 3.45.1

Resolution

The 3.45.1 Filezilla installer has adware offers in their sponsored / bundle versions of the installer. These are additional programs that are installed by default. Due to this, the installer is currently getting the Reputation of Known Malware. 

Additional Information

  • Some installers for application give the option of installation of additional applications, enabled by default
  • Setting following Permission allows installer to run with defaults for installer: 
Application at path: **\(installer file name)
Operation Attempt: Runs or is running, communicates over network
Action: Allow & Log
  • Installer file can be added to Company Whitelist by Hash value to set higher Reputation
Powered by Wolken Software