Page 1 of 1

Help with win32.exe functions

Posted: Wed Oct 31, 2018 12:36 pm
by mavareno
Our security team has looked as the below executables and want me to remove them from our systems. They looked at the executables and uploaded them to virus total to see if they were malicious in any way and 1/3 of the results said to remove the software. I'm thinking they are false/positives. Can anyone let me know what the purpose to these are so I can report this back to them?

https://www.virustotal.com/en/file/8807ded3d63be6b5fbd8dec0c29b0c0eeb6e047eee2d18897c806ae91bb6fc63/analysis/1541002512/

Location of files: C:\Program Files\SAPIEN Technologies, Inc\PowerShell Studio 2017\ScriptEngines
SAPIEN PowerShell V2 Host (Windows Forms) Win32.exe
SAPIEN PowerShell V2 Host (Windows Service) Win32.exe

Re: Help with win32.exe functions

Posted: Wed Oct 31, 2018 5:22 pm
by Alexander Riedel
These files are the engines for the script packager for the designated platforms. If you remove the files you will
not be able to package for these targets.
Yes they 'usually' are false positive, but we have no control over what happens on your computer.
Many installers and applications get flagged by one or the other engine on virustotal.com, the site was not meant
to be an end-run virus scanner.
Send the files in question to the vendor of whatever YOUR virus scanner is (even if it is Windows Defender) and ask them
to verify their findings. Most vendors will whitelist files that are found to be false positives.