Business Intelligence Tools

Spotfire Malware Flag

Normally, I lead off with questions intending to help the user decipher whether the post is relevant to them.  In this case, the questions I came up with were almost too comical to take seriously.  Here they are anyway….

  • Are you suspicious that Spotfire is attacking your computer?
  • Has your company’s security team flagged Spotfire temp files?
  • Are you worried malware has been installed on your computer veiled as Spotfire files?

Most of my blog post ideas come from situations I encounter in my day to day work.  Last week, my company’s IT security folks contacted me this week because our new malware program flagged my laptop and the Spotfire temp folder as suspicious.  What do I mean suspicious?  Well, the software detected that .exe files were being run on my machine that “looked like malware”.  First, security wanted to confirm I was actually using my laptop and wasn’t on vacation with some foreign invader remoting into my machine.  Once we established that was not the case, I contacted TIBCO for more information on the files in question.  Rarely do we dig deep into our temp folders, but that’s what I did this week.

Suspicious Files

The files in question were located in AppData at the file path shown.  The Spotfire folder also contained a subfolder for each version of Spotfire that has ever run on this laptop with all of their own subfolders.  What you see in the screenshot is actually a recreation.  Previously, the 7.12 folder contained about 50 subfolders with thousands of temp files within those folders.

Some of the folders were empty, and others had files that look like this, with different folders containing different extensions.  The .exe my security team flagged had a .doc.exe extension.  It kinda looks like malware doesn’t it?

Call in the Experts

While I felt fairly certain these temp files were not malicious, you can’t be too careful with internet security.  No one wants their idle Wednesday rocked with viruses and malware.  TIBCO responded quickly and confirmed Spotfire uses the temp files for housekeeping tasks.  They run when Spotfire runs and perform tasks like loading config files.

Lastly, some of them disappear when the application closes, but not all of them, which is how I accumulated so many.  They are all created upon opening the application.  I deleted everything in the TEMP folder except Data Storage and observed them recreating upon the next analysis session.  You may delete all of them without consequence after closing the application.  Do not delete them while Spotfire is open.  Bad things can happen if you do that, including not being able to save your DXPs.  I recommend cleaning this out every now and then, but it’s nothing to lose sleep over.

Spotfire Version

Content created with Spotfire version 7.12.

Leave a Reply

Your email address will not be published. Required fields are marked *