
ExpressVPN & nssm.exe


TomFace


I use ExpressVPN and as of their update to v6.9.2(7013) on 3.13.19 I have started getting a PUA detection (4 total) with "nssm.exe_########" (a variant of Win32/NSSM.D potentially unsafe application) in the description. Yes, I have PUA & PUP detection enabled in EIS. The current VPN version is 7.0.1(7156) and the PUA detection is still there. I did submit it to samples@eset.com and they confirmed the detection is correct. I have been in contact with ExpressVPN support and they keep reiterating that their software is safe and to "give them a few more days & days & days:angry:".

I did some research and found this... https://www.file.net/process/nssm.exe.html

and a whole slew of other articles at https://duckduckgo.com/?q=nssm.exe&t=ffsb&atb=v161-1&ia=web

The locations of the detection are...

C:\Documents and Settings\All Users\Package Cache

C:\ProgramData\Package Cache

C:\Users\All Users\Package Cache

C:\Windows\Installer

Regards,

Tom

 


  • Administrators

The NSSM detection is correct. It's a potentially unsafe application. These applications cover legitimate applications that might be misused in the wrong hands and therefore might not be wanted in certain environments.

If you are aware of the application and use it intentionally and also want to keep detection of potentially unsafe applications enabled, exclude it from further detection by the detection name.

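Before excluding the detection by name, it helps to confirm which services on the machine actually run through NSSM and what each one launches. The PowerShell below is an added example, not part of the original posts and not ESET's or ExpressVPN's code; it assumes NSSM is installed as a service wrapper, in which case the service's ImagePath points at the NSSM binary and the wrapped program is recorded under the service's Parameters key. The function name `Get-NssmService` is hypothetical.

```powershell
# Added example: list Windows services that run through an NSSM binary,
# the program each one wraps, and the Authenticode status of the binary.
# Run from an elevated prompt so every service key is readable.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-NssmService {   # hypothetical helper name
    Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # Skip services whose executable is not an nssm*.exe file.
        if (-not $svc -or $svc.ImagePath -notmatch 'nssm[^\\]*\.exe') { return }

        # ImagePath may be quoted and may carry arguments; keep only the path.
        $exe = ($svc.ImagePath -replace '(?i)(\.exe).*$', '$1').Trim()
        if ($svc.ImagePath -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        # NSSM stores the wrapped program under <service>\Parameters.
        $params = Get-ItemProperty -Path "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue

        # Check who signed the NSSM binary, if it is still on disk.
        $sig = $null
        if (Test-Path -LiteralPath $exe) {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
        }

        [pscustomobject]@{
            Service       = $_.PSChildName
            NssmBinary    = $exe
            Application   = $params.Application
            AppParameters = $params.AppParameters
            AppDirectory  = $params.AppDirectory
            SignatureOk   = if ($sig) { $sig.Status } else { 'file missing' }
            Signer        = if ($sig -and $sig.SignerCertificate) {
                                $sig.SignerCertificate.Subject
                            } else { '' }
        }
    }
}

Get-NssmService | Format-List
```

An entry whose Application points at software you did not install, or whose NSSM binary sits outside the expected product directory, is a reason to investigate before adding the exclusion.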

Thank you Marcos for your input...I've considered doing that exception.

Regards,

Tom

 

 


This topic is now closed to further replies.