I don't usually look at component installations, but I happen to be trying to manually categorize all licenses as yes/no SaaS right now. I noted this entry in components, with Flexera ID: arl://MGS-APP-00000448350.
The information given is "The portable executables may be related to authorized application but are generally worth being scrutinized because often related to pirate installations. The evidence can be ignored."
When I look at the evidence I see 348 entries across multiple products as benign as WinZip.
Just how is one expected to scrutinize the application in this situation? Are there other scary catch-all buckets like this we need to be reviewing?
Do I win some sort of prize for finding this - a golden ticket, perhaps?
Thanks, David
Oct 19, 2022 04:43 PM
If you were concerned about the existence of any of the files that are included as evidence against this application, then you could:
More generally, if you have executable files in your environment that you are concerned about and want to find instances of, then you might use this application as inspiration showing how you could create your own application(s) and file evidence recognition rules to find and report on them.
Your golden ticket is in the mail! 😄
Oct 19, 2022 07:58 PM
@ChrisG, isn't it always? 😉
Okay, so the practice here is to review the evidence on a device-by-device basis and make any decisions from there? A quick glance yesterday showed me entries like Chromium Portable. Is what is being flagged here specifically the "portable" nature of the applications as potentially malicious?
Thanks, David
Oct 20, 2022 08:27 AM
I don't see any suggestion that these files are necessarily or even likely "malicious" in the sense of being a security concern. But one possible concern is that things like this could represent a risk from a licensing perspective: they could indicate that people in your organization have licensed software on their devices without actually owning an appropriate license.
Reviewing evidence on a device-by-device basis could indeed be a practice to explore to see whether it is helpful for you in identifying risks that are of a concerning nature.
Oct 20, 2022 08:28 PM
Sure, though language like "suspected" and "pirate" may have led to my concern, @ChrisG. I'll mark above as solution, though. Best, David
Oct 21, 2022 08:23 AM