1

The CEO of my company installed 7zip on his system. Kaspersky Endpoint Security 10 notified him with a vulnerability report. He then updated the program to the latest version, but it didn't help, so he decided to uninstall 7zip from his system.

However, he is still worried because the anti-virus report says that 7z.exe managed to infiltrate our CCTV Surveillance (SmartPSS) folder in Program Files even though 7zip is already uninstalled.

I have checked on my own laptop and I saw the same executable file in the same Program Files folder.

The Internet says that 7z.exe is not harmful, but my boss is not convinced by that statement because he wants an explanation of why this program managed to infiltrate a surveillance system.

Questions:

  1. Has anyone here experienced any 7zip infiltration?
  2. Can I have tips on how to remove 7z.exe from other Program Files folders?
  3. Is there any explanation for why 7z.exe managed to copy itself to other programs?

1 Answer

5

7zip is perfectly legitimate open-source unzipping software. If your CEO got it from a non-official source, we could have a problem. I suspect Kaspersky is overreacting.

From experience - CCTV DVRs are typically Linux boxen with a custom layer on top. They might natively store logs compressed periodically, and often have a bunch of additional files that store additional data. It's possible they use 7zip to open formats like gzip that are not natively supported on Windows. It's there because it belongs there and is needed, and Kaspersky might be assuming that because some folks use 7zip for nefarious purposes (it's a small, light, efficient application perfect for dropping into a system), it's bad.

Removing it might break functionality on the DVR software.

You need to ask yourself 2 questions.

Are these copies of 7zip legitimate or something pretending to be 7zip?

You could upload the 'suspect' copies of 7zip to something like VirusTotal to get a second opinion.

For the copy he installed, you could 'simply' get a copy of 7zip off of the official site, and presumably back up and replace the one on the CCTV software unless they've made some changes.

I'd also wonder why Kaspersky is flagging 7zip - a quick Google search suggests it's a known issue, and it looks like it's simply being paranoid over well-known, popular FOSS software.

Journeyman Geek
  • 133,878
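
One way to carry out the "legitimate or pretending" check from the answer above, as an added example that is not part of the original post: list every copy of 7z.exe and 7z.dll under Program Files with its version and SHA-256, and mark whether it is byte-identical to a reference copy. `$ReferenceDir` and its default path are assumptions; point it at a folder holding 7-Zip files you obtained from the official site.

```powershell
param(
    # Assumption: folder holding 7-Zip files taken from the official download
    # (include both 32-bit and 64-bit builds if you want to match either).
    [string]$ReferenceDir = 'C:\Temp\7zip-reference'   # hypothetical path
)

$names = '7z.exe', '7z.dll'
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ -and (Test-Path $_) }

# Recursively find files whose name is in $names (comparison is case-insensitive).
function Find-SevenZipFile([string[]]$Path) {
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $names -contains $_.Name }
}

# SHA-256 of every reference file; a bundled copy is "identical" if its hash is here.
$knownHashes = @()
if (Test-Path $ReferenceDir) {
    $knownHashes = @(Find-SevenZipFile $ReferenceDir |
        ForEach-Object { (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash })
}

# One row per copy found under Program Files, including copies bundled
# inside other applications' folders (such as the CCTV client).
$report = Find-SevenZipFile $roots | ForEach-Object {
    $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    [pscustomobject]@{
        Path        = $_.FullName
        FileVersion = $_.VersionInfo.FileVersion
        Company     = $_.VersionInfo.CompanyName
        SHA256      = $hash
        Reference   = if ($knownHashes -contains $hash) { 'identical' } else { 'no match' }
    }
}

$report | Sort-Object Path | Format-List
```

A "no match" row is not a verdict: the vendor may bundle an older release or a different build than your reference, so compare the `FileVersion` first. The `SHA256` value can also be searched on VirusTotal instead of uploading the file.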