rejetto forum

Software => HFS ~ HTTP File Server => Bug reports => Topic started by: pboserup on February 06, 2023, 07:23:12 PM

Title: Hfs.exe - Maulware via PUP
Post by: pboserup on February 06, 2023, 07:23:12 PM

Our AV - Crowdstike is alerting and quarantining hfs.exe.

Objective
Falcon Detection Method
Tactic & technique
Malware via PUP
Technique ID
CST0013
Specific to this detection
This file is classified as Adware/PUP based on its SHA256 hash.

Also the exe does not have a digital signature.

Any thoughts?

Title: Re: Hfs.exe - Maulware via PUP
Post by: LeoNeeson on February 06, 2023, 09:10:36 PM

Hi, if you have it downloaded from a ‘trusted source’ (from here (https://rejetto.com/hfs/?f=dl) or here (https://github.com/rejetto/hfs2/releases/)), you can rest assured it is a ‘false positive (https://en.wikipedia.org/wiki/Antivirus_software#Problems_caused_by_false_positives)’. About the digital signature, ‘code signing (https://en.wikipedia.org/wiki/Code_signing)’ is expensive (not free (https://codesigningstore.com/free-code-signing-certificate), even for open source (https://www.google.com/search?q=Free+code+signing+for+open+source&hl=en-US) projects).

Title: Re: Hfs.exe - Maulware via PUP
Post by: TEA-Time on February 06, 2023, 09:49:19 PM

Yup, what Leo said, plus bad actors have abused HFS for nefarious purposes (much like the SysInternals and NirSoft utilities) in the past because of its ability to serve up and receive files.


-Tim

Title: Re: Hfs.exe - Maulware via PUP
Post by: rejetto on February 09, 2023, 10:33:04 AM

adware: there's no ad in HFS
PUP: "potentially undesired program", if you are willing to use it it's not undesired, am i right? 🙃