Can you confirm that?
I mean, can McAfee confirm that the latest update falsely recognizes valid file OCSlogob.exe as "generic downloader" trojan? It's 3 year old installation utility from "OCS Inventory" http://www.ocsinventory-ng.org/
Please let us know about the details of the file that you are trying to download from http://www.ocsinventory-ng.org/ also about the version details of the McAfee programs that you have installed it on the computer
I am experiencing the same problem. My scanner .dat is from Aug 30th, the same problem happened with yesterdays .dat.
To reproduce the problem, download version 1.02RC2 of the OCSNG windows client from sourceforge (OCSNG_WINDOWS_AGENT_1.02_RC2.zip / go to http://www.ocsinventory-ng.org/index.php?page=old-release and click on "OCS Inventory NG File releases") and scan the contents. This produces a trojan alarm for OcsLogon.exe contained in the .zip file.
The version number of the executables inside the .zip is 188.8.131.52
Please advise if this is a false alarm.
I just downloaded the OCS exe file in my computer and everything seems to be fine, so please check the version details of your McAfee programs and if they are not up-to-update, please check for updates and then check the status
Note that, as I already wrote in my previous message, the problem occurrs with a certain version of the windows client. Apparrently, what you downloaded was the server!
Again, please check version 1.02RC2 of the windows client. Download OCSNG_WINDOWS_AGENT_1.02_RC2.zip and check the contents.
To be sure, here are some md5sums:
When a file is scanned, VirusScan compares it to known threats. VirusScan also uses heuristic techniques to detect unusual behavior. When a file cannot be matched to a known threat, but exhibits unusual and possibly threatening behavior, VirusScan utilizes Artemis technology to evaluate the threat of the unknown file. If the file is deemed unsafe, VirusScan will quarantine the file to protect your computer.
If you feel that VirusScan has incorrectly quarantined a file you know to be safe, you can recover that file using the steps below.
Email: All files submitted via email must be packaged in a .ZIP archive. The archive must be less than 3 megabytes in size and can contain no more than 30 files. Additionally, you must password-protect the archive with the password infected. Failure to follow these guidelines will cause your submission to be rejected.
NOTE: If you are submitting a Spyware sample, the subject of the email must be MAS Content.
Email submissions should be sent to firstname.lastname@example.org. If you submit a sample via email, include the additional information below to help speed the sample review process:
> A list of all files contained in the sample submission, including a brief description of where or how the files were found.
> What symptoms cause you to suspect that your computer is infected.
> Whether any products detected a virus or spyware (version number, company, virus/spyware name given).
> Your McAfee Product information (Product, Engine and DAT versions).
> System details that may be relevant (Operating System, Service Packs).
> Your name, company name, phone number and email address if possible.
McAfee Online Community Moderator
When a file is scanned, VirusScan compares it to known threats.
The problem is that after the update VirusScan stopped comparing correctly. As a result, an old helthy file began being recognized as Trojan. That's a bug that is supposed to be fixed ASAP.
VirusScan also uses heuristic techniques to detect unusual behavior.
I don't think heuristics are involved here, but even if they are, it's only the new version that makes mistake.The file was scanned many times and it was OK with McAfee for at least a year.
Aldrin, you checked OCS.exe, though Kyle referred you to OCSlogon.exe from OCSNG_WINDOWS_AGENT_1.02_RC2.zip.
Yoo should download OCSNG_WINDOWS_AGENT_1.02_RC2.zip, not OCS.exe.
Message was edited by: alexei on 9/1/10 1:08:53 AM CDTMessage was edited by: alexei on 9/1/10 1:09:24 AM CDT