I'm using 10.0.1.
An update of one of my portable apps tripped one of our IDS signatures. The signature triggers on a -agent string known to be used by various malware.
SRC: GET /project/portableapps/Google%20Chrome%20Portable/Additional%20Versions/GoogleChromePortable_17.0.963.46_online.paf.exe HTTP/1.1
SRC: -Agent: NSIS_Inetc (Mozilla)
SRC: Host: s.sourceforge.net
SRC: Pragma: no-cache
SRC: X-Forwarded-For:
SRC: Connection: Keep-Alive
Link to the IDS rule:
http://doc.emergingthreats.net/2011227
My advice would be to change the portable app update tool and have it provide it's own -Agent string.
Visit the Community page
our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
That's the standard NSIS ing plugin used by virtually all NSIS online installers. That's like blocking a message box that yells out "Hello World!"
Sure, viruses can stuff and tracking information, but that can be done with any language as well. I really don't think NSIS_Inetc should be blocked.
A different agent is used in 10.1 that should alleviate this issue in most strict corporate environments.
Sometimes, the impossible can become possible, if you're awesome!