cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

"Unspecified Suspected Portable Application" - Component

I don't usually look at component installations, but I happen to be trying to manually categorize all licenses as yes/no SaaS right now.  I noted this entry in components, with Flexera ID: arl://MGS-APP-00000448350.

The information given is "The portable executables may be related to authorized application but are generally worth being scrutinized because often related to pirate installations. The evidence can be ignored."

 

When I look at the evidence I see 348 entries across multiple products as benign as WinZip.

Just how is one expected to scrutinize the application in this situation?  Are there other scary catch-all buckets like this we need to be reviewing?

Do I win some sort of prize for finding this - a golden ticket, perhaps?

Thanks, David

(1) Solution

I don't see any suggestion that these files are necessarily or even likely "malicious" in the sense of being a security concern. But one possible concern is that things like this could represent a risk from a licensing perspective: they could indicate that people in your organization have licensed software on their devices without actually owning an appropriate license.

Reviewing evidence on a device-by-device could indeed be a practice or explore to see whether it is helpful for you in identifying risks that are of a concerning nature.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

(4) Replies
ChrisG
By Community Manager Community Manager
Community Manager

If you were concerned about the existence of any of the files that are included as evidence against this application, then you could:

  • Consider what devices the application has been recognized on
  • Look at the "Evidence > File" tab of a particular device to see details of what specific files related to the application have been found on that device

More generally, if you have executable files in your environment that you are concerned about and want to find instances of then you might use this application as inspiration showing how you could your own application(s) and file evidence recognition rules to find and report on them.

Your golden ticket is in the mail! 😄

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

@ChrisG , isn't it always?  😉

 

Okay, so the practice here is to review the evidence on a device-by-device basis and make any decisions from there?  A quick glance yesterday showed me entries like Chromium Portable.  Is what is being flagged here specifically the "portable" nature of the applications as potentially malicious?

Thanks, David

I don't see any suggestion that these files are necessarily or even likely "malicious" in the sense of being a security concern. But one possible concern is that things like this could represent a risk from a licensing perspective: they could indicate that people in your organization have licensed software on their devices without actually owning an appropriate license.

Reviewing evidence on a device-by-device could indeed be a practice or explore to see whether it is helpful for you in identifying risks that are of a concerning nature.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Sure, though language like "suspected" and "pirate" may have led to my concern, @ChrisG .  I'll mark above as solution, though.  Best, David