
Crowdstrike detects Connect Secure 9.1R16 as malware

ohiovpnuser
Occasional Contributor


Curious if anyone else who uses Crowdstrike (or other anti-malware products) has seen this?

We just upgraded a PSA3000 to Connect Secure v9.1R16 (build 20059) and upgraded ESAP to v4.0.4. On our remote laptops we connect to the VPN using a web browser ("browser client") and that causes Pulse Secure Application Launcher (PSAL) to launch. Almost immediately the Crowdstrike agent on the remote laptop began to detect files as "malicious". This is during the portion where PSAL downloads the newer files from the Connect Secure appliance. Initially one file was detected and quarantined, so we added an exception and tried to connect again, only to have two more files detected and quarantined. We have a ticket open with Pulse Secure tech support and are waiting for their feedback.

In addition to Crowdstrike, at least one other anti-malware product also detects these files as malicious.

PSSetupClientInstaller.exe
https://www.virustotal.com/gui/file/35ff83f6c044dfd621c0a0c95626d934b099e729bdd27f100f82f909fdef9a26...

PulseSetupXP.exe
https://www.virustotal.com/gui/file/c6cdaf0edb5f9d701372a8303cb118acce5bd07786acb7d390274a2f58f8281d...

dsHostChecker.EXE
https://www.virustotal.com/gui/file/63e351b089edf2288d6a3c56e176687eb4511cb6042566c3e4946a42f22978f0...

1 REPLY
zanyterp
Moderator

Re: Crowdstrike detects Connect Secure 9.1R16 as malware

Thank you for bringing that to our attention so we can investigate, as well as sharing with the community so others are aware and can open cases as needed.