December 26, 2009

Sentinel LM Files and AntiMalware False Positives

Since 1994, I've been installing SPSS for Windows (renamed to PASW Statistics, starting with v17). One of the issues that comes up from time to time is how the Sentinel Licensing Management (LM) product (currently owned by SafeNet, Inc., formerly by Rainbow Technologies, Inc.), which SPSS utilizes for software license enforcement, creates very small (sometimes 0 byte) files. These files have .dll and/or .tgz extensions and some appear to only be created during installation, while others, if removed, are created every time the SPSS/PASW application is launched.

Here are the most commonly created Sentinel LM-related file names I have found on our systems, created by installing or running SPSS/PASW versions 18, 15, and/or 14.

SPSS v14: nsprs.dll, nsprs.tgz, ssprs.dll, ssprs.tgz
SPSS v15: lsprst7.tgz, lsprst7.dll, sysprs7.tgz, sysprs7.dll, tmpPrst.tgz
SPSS v18: grcauth1.dll, grcauth2.dll, prsgrc.dll, prsgrc.tgz

Here are the names of files found under the %windir%\system32 folder which, at least in my experience, are only created when first installing SPSS/PASW:
clauth1.dll, clauth2.dll, serauth1.dll, serauth2.dll, and servdat.slm (a hidden file)

I have found that deleting these files does not prevent SPSS/PASW from launching and running properly.

The primary reason for this post is that I've found some AntiMalware scanners report some of these files with the .dll extension as being malicious. For example, Malwarebytes logs serauth1.dll and serauth2.dll as a "Trojan.Agent".

A web search for the serauth1.dll and serauth2.dll file names often turns up people asking what to do about their Windows PCs when a scanner detects those files as being malicious. Now, of course, any real malware can use those file names if its authors so choose, but I have found several different forum posts where the information the user includes clearly shows that they have either SPSS/PASW or CGTech VERICUT installed, and both of those applications are known to utilize the Sentinel LM components.

Full AV software products will rarely, if ever, flag actual Sentinel LM-created files as malware. In fact, I have uploaded several of these files to VirusTotal and none have ever been flagged by any of the AV products they test files against. Given that some of these files are 0 bytes in size, as is the case for serauth1.dll and serauth2.dll (when SPSS/PASW creates them, anyway), clearly some AntiMalware scanners are flagging some of these files simply because of the filename and not because of any actual executable code (malicious or otherwise).
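The following triage script is an added example, not part of the original post or of any SPSS/Sentinel tooling: it checks files carrying the names listed above and separates 0-byte placeholders from files that actually begin with an executable (MZ) header. The function names and verdict labels are this example's own, and the MZ test is only a first-pass indicator that a file deserves a real scan, not a malware verdict.

```python
import hashlib
import os
import tempfile

# File names listed in the post, lower-cased (Windows file names are case-insensitive).
LISTED_NAMES = {
    "nsprs.dll", "nsprs.tgz", "ssprs.dll", "ssprs.tgz",              # SPSS v14
    "lsprst7.tgz", "lsprst7.dll", "sysprs7.tgz", "sysprs7.dll",      # SPSS v15
    "tmpprst.tgz",                                                   # SPSS v15
    "grcauth1.dll", "grcauth2.dll", "prsgrc.dll", "prsgrc.tgz",      # SPSS v18
    "clauth1.dll", "clauth2.dll", "serauth1.dll", "serauth2.dll",    # system32
    "servdat.slm",                                                   # system32 (hidden)
}

def triage_file(path):
    """Return (verdict, size, sha256) for one file; verdict labels are this example's own."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    if size == 0:
        verdict = "empty"             # no bytes at all, so no code to execute
    elif data[:2] == b"MZ":
        verdict = "pe-header"         # real executable image: the name proves nothing
    else:
        verdict = "non-empty-data"    # small data file: compare the hash across machines
    return verdict, size, digest

def triage_dir(folder):
    """Triage only the files in `folder` whose names appear in LISTED_NAMES."""
    report = {}
    for entry in sorted(os.listdir(folder)):
        full = os.path.join(folder, entry)
        if entry.lower() in LISTED_NAMES and os.path.isfile(full):
            report[entry] = triage_file(full)
    return report

def demo():
    """Run the triage over constructed sample files in a temporary folder."""
    samples = {"serauth1.dll": b"", "SERAUTH2.DLL": b"MZ\x90\x00constructed",
               "prsgrc.tgz": b"\x01\x02", "unrelated.dll": b"MZ"}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(content)
        return triage_dir(tmp)

if __name__ == "__main__":
    for name, (verdict, size, digest) in demo().items():
        print(f"{name:14} {verdict:15} {size:4} bytes  sha256={digest[:16]}")
```

On a real machine, call `triage_dir()` on the folder the scanner reported; an "empty" verdict matches the 0-byte files described above, while "pe-header" means the detection should be investigated regardless of the file name.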

Several of the binaries included with an SPSS/PASW installation have references to the files above, such as: lsapiw32.dll

Version info, as included with SPSS v15:
Rainbow Technologies, Inc.
LSAPIW32
7, 3, 0, 6
Integrated Client DLL
Copyright © 2004 Rainbow Technologies, Inc.
lssrv32.dll
Sentinel LM
7, 3, 0, 6

Version info, as included with PASW v18:
SafeNet, Inc.
LSAPIW32
8, 2, 2, 300
Integrated Client DLL
Copyright (C) 2008 SafeNet, Inc.
lssrv32.dll
Sentinel RMS Development Kit
8, 2, 2, 300
