Jump to content

ExpressVPN & nssm.exe


TomFace
 Share

Recommended Posts

I use ExpressVPN and as of their update to v6.9.2(7013) on 3.13.19 I have started getting a PUA detection (4 total) with  "nssm.exe_########"  (a variant of Win32/NSSM.D potentially unsafe application) in the description. Yes I have PUA & PUP detection enabled in EIS. The current VPN version is 7.0.1(7156) and the PUA detection is still there. I did submit it to samples@eset.com and they confirmed the detection is correct. I have been in contact  with ExpressVPN support and they keep reiterating that their software is safe and to "give them a few more days & days & days:angry:". 

I did some research and found this... https://www.file.net/process/nssm.exe.html

and a whole slew of other articles at https://duckduckgo.com/?q=nssm.exe&t=ffsb&atb=v161-1&ia=web

The locations of the detection is...

C:\Documents and Settings\All Users\Package Cache

C:\ProgramData\Package Cache

C:\Users\All Users\Package Cache

C:\Windows\Installer

Regards,

Tom

 

Edited by TomFace
Link to comment
Share on other sites

  • Administrators

The NSSM detection is correct. It's a potentially unsafe application. These applications cover legitimate applications that might be misused in the wrong hands and therefore might not be wanted in certain environments.

If you are aware of the application and use it intentionally and also want to keep detection of potentially unsafe applications enabled, exclude it from further detection by the detection name.

image.png

Link to comment
Share on other sites

Thank you Marcos for your input...I've considered doing that exception.

Regards,

Tom

 

 

Edited by TomFace
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...