5 Replies Latest reply on Aug 17, 2011 10:13 AM by chiefcritic

    Ajax post code snippet identified as Trojan by McAfee





      While trying to install the PPM to the exisiting Desktop Central Setup, McAfee throwed this error.

      ManageEngine_Desktop_Central_7_0_0_SP-2_30.ppm, for Desktop Central 7 and McAfee VirusScan Enterprise 8.8 detected JS/Exploit-DialogArg.gen at this location:ÞSKTOPCENTRAL_INSTALL_DIR%webappsDesktopCentralWEB-INFlibAdventNetDesk topCentralWeb.jarswMetering_jsp.class0004852.js


      The below are the specs of McAfee used.


      McAfee Engine version:                5400.1158
      McAfee AntiVirus DAT version:      6427.0


      However, there is no such issue reported with the following AV solutions (tested and declared by different people)


      • Scan with Sophos 9.5.5 (Engine: 3.22.0;    Database: 4.68G, 167 updatefiles).  No virus or exploit found.
      • SEP (Symantec) has no issues
      • Trend Micro Worry Free had no issues with it.


      Here is the result from VirusTotal


      File name:




      Submission date:


      2011-08-04 13:26:39 (UTC)


      Current status:






                  2                /42 (4.8%)


      http://www.virustotal.com/file-scan/report.html?id=694a9a5b054938ee1ad8cf121ffbf 10710369bc120c6bbf736293c9e9e8e0170-1312464399#


      Why is this False positve alarm from McAfee?  Whats happening?






      Message was edited by: chiefcritic on 8/11/11 6:27:40 AM CDT


      Message was edited by: chiefcritic on 8/12/11 4:13:43 AM CDT