Suspicious file reported by HitmanPro

Got a suspicious file report from a HitmanPro scan, as per the log excerpt below. Can you share your thoughts? Your feedback is most welcome!

Suspicious file _____________

   C:\Program Files (x86)\Stardock\Fences\Fences.exe
      Size . . . . . . . : 4 854 200 bytes
      Age . . . . . . . : 10.8 days (2021-05-13 16:12:08)
      Entropy . . . . . : 7.3
      SHA-256 . . . . . : 2614A19C9D598FB5F28A65E9C2DB1F857AE6DE38A054AE75F8C979E83D4CDFDB
      Product . . . . . : Fences
      Publisher . . . . : Stardock Corporation
      Description . . . : Fences Settings
      Version . . . . . : 3.0.9.11
      RSA Key Size . . . : 2048
      Parent Name . . . : C:\Windows\explorer.exe
      LanguageID . . . . : 0
      Authenticode . . . : Valid
      Running processes : 14592
      Fuzzy . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Uses the Windows Registry to run each time the user logs on.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
         Time indicates that the file appeared recently on this computer.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fences
         HKU\S-1-5-21-231460157-1249037466-3254306864-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Fences

Reply #1

I think that is a false positive. Anyway, I have forwarded your problem/question to the Stardock Support Team for their assistance. Please keep an eye on this thread for any updates. We appreciate your feedback and patience.

Thanks

Basj,
Stardock Community Assistant

Reply #2

Basj - I agree with you, most probably it is the usual false positive, but just wanted to make sure and alert the Support Team and get a clarification on this alert/suspicion. Thank you for your help!

Brgds,
Emanuel

Reply #3

It's a false positive....;)

Reply #4

Jafo - thank you for your feedback! Also agree it might be a false positive, however, it is rather strange, this alert popped out after more than 3 years' use of HitmanPro and Fences running together! Well... anyway, better it is so!

Reply #5

What tends to happen is various AV proggies add signatures...updating their database that's used for checking....and something that is a real issue can have a signature close to a safe proggy such as Fences...and both are flagged...until they eventually correct accuracy and don't get innocent ones involved.

As you know, Fences is a shell enhancement which by necessity has to auto-load, etc...one of the issues that Hitman has noticed as a symptom of a nasty...;)
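
One way to check the fields of the report in the first post against the file actually on disk, as an added example that is not part of the thread and not Stardock's or HitmanPro's code. The path, hash and Run value name are copied from the report; treating HKCU as the hive listed under HKU\<SID>, and byte-level Shannon entropy as an approximation of the report's "Entropy" field, are assumptions.

```powershell
# Values copied from the HitmanPro report in the first post.
$Path           = 'C:\Program Files (x86)\Stardock\Fences\Fences.exe'
$ReportedSha256 = '2614A19C9D598FB5F28A65E9C2DB1F857AE6DE38A054AE75F8C979E83D4CDFDB'
# Assumption: HKCU is the hive of the user the report lists under HKU\<SID>.
$RunKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-ByteEntropy {
    # Shannon entropy in bits per byte (0 to 8); assumed to approximate "Entropy".
    param([Parameter(Mandatory)][string]$LiteralPath)
    $bytes = [System.IO.File]::ReadAllBytes($LiteralPath)
    if ($bytes.Length -eq 0) { return 0.0 }
    $counts = New-Object 'long[]' 256
    foreach ($b in $bytes) { $counts[$b]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $bytes.Length
            $h -= $p * [Math]::Log($p, 2)
        }
    }
    [Math]::Round($h, 2)
}

if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

$sig  = Get-AuthenticodeSignature -LiteralPath $Path
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

# Collect the 'Fences' autostart value from each Run key, if present.
$runEntries = @(foreach ($key in $RunKeys) {
    $item = Get-ItemProperty -Path $key -Name 'Fences' -ErrorAction SilentlyContinue
    if ($item) { [pscustomobject]@{ Key = $key; Command = [string]$item.Fences } }
})
# Run entries whose command line does not reference the reported file.
$strays = @($runEntries | Where-Object {
    $_.Command.IndexOf($Path, [StringComparison]::OrdinalIgnoreCase) -lt 0 })

[pscustomobject]@{
    HashMatchesReport   = ($hash -eq $ReportedSha256)
    SignatureStatus     = $sig.Status
    SignerSubject       = $sig.SignerCertificate.Subject
    Entropy             = Get-ByteEntropy -LiteralPath $Path
    RunEntriesFound     = $runEntries.Count
    RunEntriesElsewhere = $strays.Count
} | Format-List
```

Run it in the session of the user who received the alert so that HKCU maps to that user's hive.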