cancel
Showing results for 
Search instead for 
Did you mean: 
chiefcritic
Level 7

Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Folks,

Greetings.

While trying to install the PPM to the exisiting Desktop Central Setup, McAfee throwed this error.

ManageEngine_Desktop_Central_7_0_0_SP-2_30.ppm, for Desktop Central 7 and McAfee VirusScan Enterprise 8.8 detected JS/Exploit-DialogArg.gen at this location:ÞSKTOPCENTRAL_INSTALL_DIR%webappsDesktopCentralWEB-INFlibAdventNetDesktopCentralWeb.jarswMetering_jsp.class0004852.js

The below are the specs of McAfee used.

McAfee Engine version:                5400.1158
McAfee AntiVirus DAT version:      6427.0

However, there is no such issue reported with the following AV solutions (tested and declared by different people)

  • Scan with Sophos 9.5.5 (Engine: 3.22.0;    Database: 4.68G, 167 updatefiles).  No virus or exploit found.
  • SEP (Symantec) has no issues
  • Trend Micro Worry Free had no issues with it.

Here is the result from VirusTotal

File name:

AdventNetDesktopCentralWeb.ujar

Submission date:

2011-08-04 13:26:39 (UTC)

Current status:

finished

Result:

            2                /42 (4.8%)

http://www.virustotal.com/file-scan/report.html?id=694a9a5b054938ee1ad8cf121ffbf10710369bc120c6bbf73...

Why is this False positve alarm from McAfee?  Whats happening?

regards

romanus

http://www.desktopcentral.com

Message was edited by: chiefcritic on 8/11/11 6:27:40 AM CDT

Message was edited by: chiefcritic on 8/12/11 4:13:43 AM CDT
0 Kudos
1 Solution

Accepted Solutions
jhall1
Level 9

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Hey!

I would re-scan the file, it looks like McAfee Labs revised the DAT 6433 (yours was 6427). It might have been a false postive that was corrected with a later DAT release.  Send it back up to be retested and let us know!

http://vil.nai.com/vil/content/v_126351.htm

0 Kudos
5 Replies
chiefcritic
Level 7

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Hello

Anyone to check this?

regards

romanus

http://www.desktopcentral.com

0 Kudos
Highlighted
exbrit
Level 21

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Discussion moved from Business General Discussion to Security Awareness > Corporate User Assistance for better attention.

0 Kudos
jhall1
Level 9

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Hey!

I would re-scan the file, it looks like McAfee Labs revised the DAT 6433 (yours was 6427). It might have been a false postive that was corrected with a later DAT release.  Send it back up to be retested and let us know!

http://vil.nai.com/vil/content/v_126351.htm

0 Kudos
chiefcritic
Level 7

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Folks,

I've tried scanning the same PPM/related JAR files with the latest DAT (6440) updated and now McAfee is not detecting Desktop Central PPM with Trojan suspect.

Appreciate your update.

regards

romanus

http://www.desktopcentral.com

0 Kudos
chiefcritic
Level 7

Re: Ajax post code snippet identified as Trojan by McAfee

Jump to solution

Hi

Thanks for the update.

Let me quickly check the PPM with the DAT 6433 or later and update here.

regards

romanus

http://www.desktopcentral.com

0 Kudos