I check software installers before using. For that, I use virustotal.com normally. (tested with version 0.56.6)
After I uploaded the current Win Installer, I got this warning: W32/NSIS_Injector.B.gen!Eldorado It looks like that is a trojaner. But I am not sure. Here is the direct checkup link: Check Installer
Has someone more information to that topic? Or can give a more quality answer?
I’m doing programming, mostly in my free time, and my knowledge about security and how virus, malware, … works is limited.
I was finding posts like that from the past. That’s why the question from my site. Is there a specific area where the developers doing cross-checking on that? Was there an investigation on that in the past?
I am concerned about that, because I want to use this program. Many other software programs are overflowed with features, in my opinion.
So one of application, that we use to receive a secure token - RSA - says that portofio performace have a threat. It doesn’t say what kind of threat, but we got information that one of library used inside is not safe. Is it possible to change this by developers? I have information that one of our user pay monthly for portfolio performance so he want to use both apps in same time on same device.
Without more information nobody could even really reply to your post. Which risk/libary is marked, by which plugin/scanner? And are you referring to Portfolio Performance or the app? You could just pay monthly for the app, the desktop application is open source and free use.
Hi. Thanks for your replay. I mean application on Android. I will try to find out if there is any information which particular library cause this issue. It’s not the point to use app on PC, because user want to use it on mobile phone.
That is correct and we can’t do much. It’s looks like this. After couple of minutes after you install portfolio performance you are blocked and when you check your ID it shows something like this below. So my question is that someone from devleopers can fix this ASAP?
I know RSA as a solution for companies that want their employees to be able to log into the company network with their private device because they are too stingy to provide their employees with devices. If the ‘mobile lock’ module of this app then blocks things incorrectly on the private device, this is not a problem for the blocked application.
The quickest solution is probably to report the false positive to RSA and hope for a remedy. In the long term, it would be better not to mix business and private requirements on one device, but to distribute them across two devices.
Yes it’s true. But give users a corporate device make a unnecessary cost, and also you need to support it. I will check app also via other software and confirm if that is false positive information or not.
I find it the most hilarious that this application, in order to be able to scan PP, needs elevated permissions to be able to operate outside its own sandbox. But that is OK because RSA is known for their high quality programming standards and never have they added backdoors into their products. And as the owner of a device I find it totally OK, that my employer not only safes money by using my private hardware but installs this kind of software or is allowed to brick my device from remote (incl. my personal apps and data) because … reasons.