Troubleshoot 360 Total Security Secure Folder Pop Ups

AtlBo

Level 28
Thread author
Verified
Top Poster
Content Creator
Well-known
Dec 29, 2014
1,711
During the installation of Secure Folders there are a number of pop ups from Qihoo 360. This I can live with, because Secure Folders does change the context menu of Explorer if the option is selected during installation. I read all the alerts and felt like I understood what was happening (except the driver ones, honestly). It was way more than usual, about 6 or 7. Also, there was an unusual number of HIPS pop ups from Private Firewall, maybe 8-10. I could tell Secure Folders makes some fairly heavy changes.

Here's the potentially bad part. About two hours ago, I set up Secure Folders to monitor a drive, and then about 30 minutes ago, while I was browsing around Malware Tips, I got another pop up. Forgot to get a screenshot of the pop up, but attached pic shows the log entries for the event. Decided to block the event, because it sounds to me like a very unusual thing for a program to do. The request was to "Modify the certificate of a publisher". Anyone know why a developer might add this function to a program? Also, will the block break the program?

Modify Publisher Event 1.jpg

Other pictures show modify driver and modify shell events during the installation. There were a few of each of these in the logs.

Modify Driver Event 1.jpg Modify Context Menu.jpg

Attached the log of the events. Anyone see anything potentially dangerous? Why would a developer's program try to change a certificate and then an hour after the program installs? That's the main question I have.
 

Attachments

  • Qihoo Secure Folders Log.txt

AtlBo

This explains signatures and certificates:

Software Publishers Certificates Explained - Certificate Authority Price List

Like to know whose certificate Secure Folders was attempting to change. Maybe its own? Still seems strange to me.

EDIT: Something from Avira showing a threat that changes the same certificate (at the very bottom is the info...key ends with 242EFE):

TR/Cpete.1265696 - Avira Virus Lab

I don't think the program was changing its own certificate, considering this can be found in another threat. Maybe it's from the same publisher, but what are the odds there? Seems more likely this goes after a Microsoft certificate?
 