I will make this short. Basically, I did a thorough scan of my computer using ESET and it had 2 detections but did not clean anything. I have heard of ESET making false detections on similar files, but I want to know if anyone knows anything about this. This is how it marked the files:
c:\windows\installer\37681.msi » MSI » ExpressVPN.cab » CAB » nssm.exe_32_Fixed_ID - a variant of Win32/NSSM.M potentially unsafe application - retained
c:\windows\installer\37681.msi » MSI » Binary.nssm.exe_32 - a variant of Win32/NSSM.M potentially unsafe application - retained
Does anyone know if these are false detections or should I be worried about these? I tried to research NSSM.M but only found things on NSSM.D and NSSM.A and such.
Hello,
It is a potentially unsafe application. It may be safe to use in some situations, and in other situations it may be dangerous. It is not outright malicious software, but it is software that can be used for both benign and malicious purposes. It is up to you to decide whether you wish to use it.
Regards,
Aryeh Goretsky
This is the Non-sucking service manager. Projects use it to manage their services but it may also be used by malware to run as a service.
The A/B/M distinction would be an arbitrary distinction that only makes sense to ESET.
They’re just PUPs it’s telling you they’re potentially unsafe applications. If you downloaded and installed ExpressVPN from the legitimate website than it is more than likely safe. ExpressVPN is junk though and could be doing things to your system Eset determines as not safe.
So should I be worried about this or is it part of my computer?
I never downloaded ExpressVPN though, it has been on my computer ever since I got it a few years ago. I’m pretty sure it came already installed but I may be wrong.
Does ExpressVPN have a reason to run as a service? Probably.
Do you trust ExpressVPN? It’s your computer.
Could have been pre installed yes
Are both of those logs for ExpressVPN?