Joe Sandbox detects latest plugin as suspicious.
https://www.joesandbox.com/analysis/1653934/0/html
Not a security expert, but can someone help explain what this means?
Hello @0xGitGuy,
I am the ComparePlus developer and if this question is for me to answer (it probably should because this channel here is for bug reports, suggestions and help) then I have no idea what this site is analyzing and reporting. ComparePlus has been around for a long time now and I have never observed (and nobody using it has ever reported) a security problem with it.
Its code is not doing anything malicious; it is compiled and deployed by AppVeyor (https://ci.appveyor.com/project/pnedev/compareplus/builds/51626373 for example) and I doubt it is injecting some malicious code when doing the release.
You could probably extract the files from the archive - there are 3 DLL files which you could check one by one. ComparePlus.dll is the main plugin file that can work even without the other two. The other two are library DLL files - one is for performing compares against Git repository files and the SQLite one is for compares against SVN repository files. I don't know if those libraries pose any security threat but those are very widespread and popular and should be fine.
Sometimes online scanning tools give false-positive results even on perfectly safe programs and files but it is you who should decide what to trust. Perhaps try scanning with other tools as well.
BR
Closing this issue as irrelevant.