ASG RD 2019 x64 doing ransomware attempts

[Michael Scholz]

First thanks you for your attention. We really take that seriously but we can't reproduce your findings by even using the latest scan engines to check the installer or installed files. But our assumption is that the file in the users appdate\temp directory will be used temporarily from the Nsis installer we use. You can find some articles in the internet that describe exactly the same behaviour about the un_a.exe, found by Trend Micro as doing "unauthorized file encryption" but it's indeed a false positive used as a uninstaller process by the installer. Depending on the heuristic methods used by the scanner false positives could occur easily and exactly your findings are declared as temp-files used by Nsis. It's possible that the file-creation of un_a.exe in "C:\Users\[username]\AppData\Local\Temp\~nsua.tmp\" may come from write protections through the Trend Micro AV Suite. But that's an assumption, after finding exactly the same situation in the support section of Nsis. They also say that TrendMicro's engine could give false positives on Nsis components ! If you want you can send me the exe file zipped and renamed as txt to my company adress for further research .

Best regards,
Michael Scholz