UISS installation files
FAO ... Anyone worried about UISS installation files:
I have downloaded the file called UISS_Setup.exe from both the 'download.htm' webpage and the 'uiss.pe1pqx.eu' page.
I initially scanned the 5.4.3 file, only, using Kaspersky Security Cloud 188.8.131.521(d) and it showed up the infection I reported earlier. It still shows this,
even though the virus signature files are regularly updated. I can only assume there is a possible heuristic trigger that's causing the issue.
Subsequently; I have run scans using MBAM, ESET and Trend .... and they all show there is no problem.
I then ran the files through Kaspersky Threat Intelligence Portal and it too shows them as being clean.
In my 'ex' capacity in IT security, I would say these files are safe to install.
I've seen and had to deal with the results, 1st hand, of what ransomware can do and so it's always best to be cautious.
Where it states against UISS 5.4.3 (UISS_Setup.exe) .... temporary offline (use mirror) .... the file is NOT offline; in fact
the full file structure (ftp) is open to everyone, including the files you are trying to block.
Also; the files on the main page and the mirror site are completely different ....
The main page file:
and the mirror page file:
After all of the above, I decided to build a Virtual Machine Windows test environment and install the programme to see if it generated the
.com files and new registry key associated with Kaspersky's 'false positive' findings.
So it would appear that Kaspersky and Google are being a bit over cautious in their checking.