alexei
Level 7

OCSlogon.exe - false positive after the last update

Can you confirm that?

I mean, can McAfee confirm that the latest update falsely recognizes the valid file OCSlogon.exe as a "generic downloader" trojan? It's a 3-year-old installation utility from "OCS Inventory" http://www.ocsinventory-ng.org/

0 Kudos
8 Replies
Aldrin
Level 12

Re: OCSlogon.exe - false positive after the last update

Please let us know the details of the file that you are trying to download from http://www.ocsinventory-ng.org/ and also the version details of the McAfee programs that you have installed on the computer.

0 Kudos
Kyle
Level 7

Re: OCSlogon.exe - false positive after the last update

I am experiencing the same problem. My scanner .dat is from Aug 30th; the same problem happened with yesterday's .dat.

To reproduce the problem, download version 1.02RC2 of the OCSNG Windows client from SourceForge (OCSNG_WINDOWS_AGENT_1.02_RC2.zip / go to http://www.ocsinventory-ng.org/index.php?page=old-release and click on "OCS Inventory NG File releases") and scan the contents. This produces a trojan alarm for OcsLogon.exe contained in the .zip file.

The version number of the executables inside the .zip is 4.0.4.8

Please advise if this is a false alarm.

0 Kudos
Aldrin
Level 12

Re: OCSlogon.exe - false positive after the last update

I just downloaded the OCS exe file on my computer and everything seems to be fine, so please check the version details of your McAfee programs and, if they are not up to date, please check for updates and then check the status.

OCS.JPG

0 Kudos
Kyle
Level 7

Re: OCSlogon.exe - false positive after the last update

Note that, as I already wrote in my previous message, the problem occurs with a certain version of the Windows client. Apparently, what you downloaded was the server!

Again, please check version 1.02RC2 of the Windows client. Download OCSNG_WINDOWS_AGENT_1.02_RC2.zip and check the contents.

To be sure, here are some md5sums:

4f62d6d11481cda2239d18d964b9aee9 *OCSNG_WINDOWS_AGENT_1.02_RC2.zip

c3efadb668a034658f90687e954794d3 *OcsLogon.exe

0 Kudos
Aldrin
Level 12

Re: OCSlogon.exe - false positive after the last update

Oh ok, will check it out and let you know...

0 Kudos
Dinz
Level 16

Re: OCSlogon.exe - false positive after the last update

Hello there,

When a file is scanned, VirusScan compares it to known threats. VirusScan also uses heuristic techniques to detect unusual behavior. When a file cannot be matched to a known threat, but exhibits unusual and possibly threatening behavior, VirusScan utilizes Artemis technology to evaluate the threat of the unknown file. If the file is deemed unsafe, VirusScan will quarantine the file to protect your computer.

If you feel that VirusScan has incorrectly quarantined a file you know to be safe, you can recover that file using the steps below.


Email: All files submitted via email must be packaged in a .ZIP archive. The archive must be less than 3 megabytes in size and can contain no more than 30 files. Additionally, you must password-protect the archive with the password infected. Failure to follow these guidelines will cause your submission to be rejected.

NOTE: If you are submitting a Spyware sample, the subject of the email must be MAS Content.

Email submissions should be sent to virus_research@avertlabs.com. If you submit a sample via email, include the additional information below to help speed the sample review process:


> A list of all files contained in the sample submission, including a brief description of where or how the files were found.
> What symptoms cause you to suspect that your computer is infected.
> Whether any products detected a virus or spyware (version number, company, virus/spyware name given).
> Your McAfee Product information (Product, Engine and DAT versions).
> System details that may be relevant (Operating System, Service Packs).
> Your name, company name, phone number and email address if possible.

Regards,

Dinesh K

McAfee Online Community Moderator

0 Kudos
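Added example (not part of the original thread and not McAfee's code): a pre-flight check of a sample archive against the e-mail submission limits quoted in the post above (.ZIP, under 3 megabytes, at most 30 files, password infected). The function and constant names are hypothetical, reading "3 megabytes" as 3 MiB is an assumption, and the sample archive is constructed in memory.

```python
import io
import zipfile
import zlib

MAX_BYTES = 3 * 1024 * 1024  # "less than 3 megabytes" (reading MB as MiB is an assumption)
MAX_FILES = 30               # "no more than 30 files"
PASSWORD = b"infected"       # archive password given in the post
ENCRYPTED = 0x1              # ZIP general-purpose flag bit 0: member is encrypted


def check_submission(data: bytes) -> list:
    """Return guideline violations for a ZIP passed as bytes; empty list means OK."""
    problems = []
    if len(data) >= MAX_BYTES:
        problems.append("archive is not smaller than 3 MB")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return problems + ["not a readable .ZIP archive"]
    with zf:
        files = [i for i in zf.infolist() if not i.is_dir()]
        if not files:
            problems.append("archive contains no files")
        if len(files) > MAX_FILES:
            problems.append("more than 30 files")
        protected = [i for i in files if i.flag_bits & ENCRYPTED]
        if len(protected) < len(files):
            problems.append("not every file is password-protected")
        for info in protected[:1]:
            # Decrypt one member fully: a wrong password fails the header
            # check byte or the CRC-32; AES archives are unsupported by
            # zipfile and raise NotImplementedError (a RuntimeError subclass).
            try:
                zf.read(info, pwd=PASSWORD)
            except (RuntimeError, zipfile.BadZipFile, zlib.error):
                problems.append("password 'infected' does not open the archive")
    return problems


def build_zip(names) -> bytes:
    """Constructed sample: an unencrypted in-memory ZIP with dummy members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data, not a real file")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_submission(build_zip(["OcsLogon.exe"])))
```

Python's zipfile module can read but not write password-protected archives, so the archive itself has to be created with another tool before it is checked here.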
alexei
Level 7

Re: OCSlogon.exe - false positive after the last update

> When a file is scanned, VirusScan compares it to known threats.

The problem is that after the update VirusScan stopped comparing correctly. As a result, an old healthy file began being recognized as a Trojan. That's a bug that is supposed to be fixed ASAP.

> VirusScan also uses heuristic techniques to detect unusual behavior.

I don't think heuristics are involved here, but even if they are, it's only the new version that makes a mistake. The file was scanned many times and it was OK with McAfee for at least a year.

0 Kudos
alexei
Level 7

Re: OCSlogon.exe - false positive after the last update

Aldrin, you checked OCS.exe, though Kyle referred you to OCSlogon.exe from OCSNG_WINDOWS_AGENT_1.02_RC2.zip.

You should download OCSNG_WINDOWS_AGENT_1.02_RC2.zip, not OCS.exe.


Message was edited by: alexei on 9/1/10 1:08:53 AM CDT

Message was edited by: alexei on 9/1/10 1:09:24 AM CDT
0 Kudos