FreeFileSync - Bundling Issue


  • Community Moderator

    I have installed FreeFileSync normally (not Portable) and I see the following files:

    1. C:\Program Files\FreeFileSync\FreeFileSync.exe
    2. C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe
    3. C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe

    File 1. is detected by VulnDetect.
    It is only 464 KB in size and is only a Launcher that starts the correct EXE file (files 2. or 3.) depending on your system.
    So when I start FreeFileSync.exe (launcher) then the FreeFileSync_x64.exe is started as child process:

    FreeFileSync_Process_Tree.png

    So here you should show FreeFileSync (the launcher) as root application and show FreeFileSync (32-Bit) and FreeFileSync (64-Bit) as bundled applications.


  • VulnDetect Team Member

    @OLLI_S Like I said below, then this is not the same case as the other ones you mentioned.


  • Community Moderator

    @Tom said in FreeFileSync - Bundling Issue:

    Coincidentally, bundling is also useful in the cases where the original vendor supplies multiple main executables (either with different architectures or due to updates) and these happen to be the best choice for detecting the presence of the program.

    FreeFileSync provides a 32-Bit and a 64-Bit version.
    Same as CCleaner, Speccy and many others (that are already bundled).


  • VulnDetect Team Member

    The purpose of bundling is not to include all executables or libraries.

    In the case of FreeFileSync it is sufficient to detect the "launcher" as it contains sufficient with information and the vendor seems to have a solid policy of supplying useful and updated version information in both the launcher and the architecture specific executables.

    Bundling is primarily used to "bundle" certain applications (or in some cases libraries) such as 7-Zip, Java, Flash, NodeJS and others, which shouldn't be updated separately, but rather together with the program that bundles these.

    Coincidentally, bundling is also useful in the cases where the original vendor supplies multiple main executables (either with different architectures or due to updates) and these happen to be the best choice for detecting the presence of the program.

    We only display bundled programs, because we know that many power users such as you and @Anselm (I guess) like to know about these and their security state (and so do I 🙂 )