Potentiall Dangerous Modification of BC3 setup

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • bcdewul
    Old Hand
    • Sep 2010
    • 282
    #1

    Potentiall Dangerous Modification of BC3 setup

    Kaspersky Internet Security 2011 reports "Detected a potentially dangerous modification of the application: Beyond Compare 3 Setup".. etc.

    I click on "Yes, I trust"

    However, this "modification warning" just all of a sudden pops up. I wasn't using BC at all. This happened a few times now.

    Maybe add a digital signature to BC ?

    ==
    Tags: None
    • Chris
      Team Scooter
      • Oct 2007
      • 5538
      #2
      Beyond Compare 3's installer and Beyond Compare 3's executable once installed are both digitally signed.

      We check the installer and executable for every Beyond Compare release using virustotal.com to scan with multiple virus scanners.

      This might be a false positive.
      Chris K Scooter Software

        Comment

        • Aaron
          Team Scooter
          • Oct 2007
          • 16011
          #3
          Hello,

          With the latest trial of Kaperskey Anti-Virus 2011 with the latest updates, I was able to scan the executable and then walk through the installation of the BC 3.2.3 trial without any security prompts.

          Do you have all the latest updates for Kaperskey2011? Do you know at which point specifically the warning pops up?
          Aaron P Scooter Software

            Comment

            • bcdewul
              Old Hand
              • Sep 2010
              • 282
              #4
              I have 2011 and updates are automatically. My latest version is today's database.

              There were 2 warnings recently.
              the one that I posted
              For details - see under 1 - Kaspersky Report, it seems to be the updater..?


              And another one BCOMPARE.EXE called by Powerc1170.exe.

              Now the last one is very strange...
              Because powerarc1170.exe is packed installer, i.e. one needs to double click to install PowerArchiver v.11.70

              So, weirdly enough, an installer of an archiver seems to call on BCompare.exe, that is strange.

              As for (1) I think I should shift BCUpdate.exe to trusted, but then again, why does KIS report that it has no digital signature.

              This is all I can get you.
              =

                Comment

                • Zoë
                  Team Scooter
                  • Oct 2007
                  • 2666
                  #5
                  If you're running Vista or Windows 7 you should be able to right click on BCompare.exe or BCompareSetup.exe, select Properties, and Windows should have a "Digital Signatures" tab that will show it. They should both show that they're signed by "Scooter Software". If they don't, the files could be corrupt or infected, and you should try downloading it again. If they do show the signature you should be able to view it, and Windows will test it and tell if it's ok or not; if it's ok the file hasn't been modified.
                  Zoë P Scooter Software

                    Comment

                    • bcdewul
                      Old Hand
                      • Sep 2010
                      • 282
                      #6
                      Well, I am sure it is alright, downloaded the software from your site, so in fact no reason to doubt.

                      But for good order's sake I just checked:
                      there is a file : BC3Update.exe - size 5.966.080 bytes on my C-drive
                      under C:\Users\MyName\AppData\Local\Temp
                      with a dig.signature dated : 9 december 2010 21:44:45

                      The setup file I have elsewhere BCompare-3.2.3.13046.exe has exactly
                      the same size : 5.966.080, same signature date.
                      From Comodo

                      Added them to trusted software in KIS, assume matter solved.

                      Thanks again.
                      =

                        Comment

                        Previous template Next
                        Working...