Defense+ detects possible malware behavior in OpenOfficePortable.exe. What is wrong with OpenOfficePortable.exe, what is it doing that D+ detects?
I use OpenOffice.org Portable 3.0.1, English: Apache OpenOffice Portable (full-featured office suite) | PortableApps.com
Thanks. 
[attachment deleted by admin]
If you are worried about what the D+ alert is saying, it says that for most unrecognized applications, which a majority of the time are completely safe.
Why the D+ heuristics see it as a possible threat? IDK, maybe because it’s executing itself. But, I get these types of alerts all the time with almost every new program.
They’re two executables if you look a second time, not one calling another instance of itself.
The heuristics alert is probably because portable apps may have to perform weird “virtualization” tricks to convince a program that’s not installled, that it’s installed… Just a guess.
Good eye.
I guess I assumed that because a lot of alerts (or at least the alerts I get) are usually from a new program trying to execute its own executable when I start it.
My guess is that the executable is packed. The heuristic engine for Defense+ seems to flag all packed executable files as suspicious.
Thanks .FaZio93., Japo and Ragwing.
An application executing itself, as .FaZio93. mentioned, is also something I don’t understand. 88) What happens, and why not always?
[attachment deleted by admin]
I’m not much into that, but from what I can guess, I would say that an executable needs to modify its own data, which can’t be done when running, so therefore, it terminates, does the modification, and then re-spawns. Or possible another file directly related to the executable, that can’t be modified when the executable is running. This is just a guess though.