FileZilla app blocked 2019

[MeCems74]

Downloaded Malwarebytes 3.7 this morning, 2/23/19.  FileZilla app is now blocked.  It does not matter what version of FileZilla.  Malwarebytes blocks them all.

I am out of business now it seems.

Version before 3.7 was not blocking FileZilla.  Why is this one?

What is a good alternative to FileZilla if there is a real threat?

[1PW]

Hello @MeCems74 and

With the update of Malwarebytes for Mac 3.6.21 > 3.7.30, the App Block feature was introduced.

The v3.40.0 client of FileZilla's disk image file returns the following VT analysis:

https://www.virustotal.com/en/file/3ff81c70dcf11ed18d11e47913655d44aa7d258ec83a0cb8cf987a652705cb43/analysis/

From the Malwarebytes for Mac pull-down menu bar icon, Stop App Block could be selected and similarly so from the Malwarebytes GUI.

In the presence of the above 7/51 VT report, the call is yours.

HTH

Edited February 23, 2019 by 1PW

[alvarnell]

As @1PW found, the latest version is 3.40.0 and if you download only the app from this page https://filezilla-project.org/download.php?show_all=1 the VT analysis comes back clean:

https://www.virustotal.com/#/file/3007f11ef25947c58b71c675008f1bb248118e051e04e800f1b8b59dd3d7a365/detection

What contains the Installcore adware is the monetized installer that comes on the .dmg version, not the app. Although having the app is an indicator that one may have installed adware, the app itself has never been found to be infected with anything. 

IMHO, I don't think it should be blocked and MBAM will clean up the Installcore infection.

[MeCems74]

Thank you for the information.  I have turned App Block Protection 'OFF' in order to use FileZilla 3.40.0.

 

Unfortunately, all other apps are unblocked as well.

 

But I'm back in business after a day reviewing other software.  I was ready to buy a rival in order to continue using Malwarebytes.

 

Thanks

 

[treed]

We reviewed this detection, and were able to tighten it down to not block FileZilla. However, we are still blocking the FileZilla installer, which installs the Spigot adware and displays analysis avoidance behavior. (If it thinks it's being analyzed by a security researcher, it acts innocent and doesn't install Spigot.) This is definite shady behavior, so we will continue to block this installer.

However, I do have to say that I personally would never trust any developer who is willing to use an adware installer, and would never use any software from such a developer.

[MeCems74]

Thanks Thomas.  All I've ever had was the app itself. 

I love Malwarebytes more than File Zilla and was right on the edge of buying another app.  You saved me from finished a review of similar apps, the learning curve and the money.

I've turned App Block ON again.

Martin

[treed]

I'd still consider getting another app. Even though I haven't seen evidence of FileZilla itself doing anything shady, I still don't trust any developer willing to distribute an installer that will infect people who run it.

I personally use Transmit, from Panic, and have for years. It's truly excellent, has some really powerful features, and it's simple to use. It's not free, of course, but these days I'm increasingly skeptical of anything free, due to the increasing prevalence of developers of free apps making money by bundling adware or collecting and selling user data. There is still legitimate and trustworthy free software out there, but when there are significant red flags for a piece of software, it's wise to avoid.