cancel
Showing results for 
Search instead for 
Did you mean: 
LANIAC
Level 7
Report Inappropriate Content
Message 1 of 9

Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Hi guys,

our McAfee on demand scanner has deleted several autorun.inf files on our files servers over weekend. I am pretty sure, that this has happened by accident because all of these files are stored on our server since many months and are also scanned several times before.
The scanner claims to have a "Generic!atr" found in autorun.inf for example in VMWare Virtual Center 2.5 Folder.
Does anyone have seen similar issues with scans when the DAT 5709 is used? Thank you very much for your responses in advance.

PS: We are using VSE 8.5 with engine 5301.4018

kind regards

LANIAC

Moved from home products - MOD
Tags (2)
8 Replies
Highlighted

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

I saw this as well..

Actual Threat Names: Generic!atr
Affected Objects: c:\VMware-VIMSetup-2.5.0-U3-English\autorun.inf
First Event Time: 8/14/09 7:09:44 PM
PhilR
Level 12
Report Inappropriate Content
Message 3 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Given the potential damage done by "disinfecting" false-positives like this, why do scheduled scans, anyway? They are a recipe for disaster.

Phil
LANIAC
Level 7
Report Inappropriate Content
Message 4 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

so in other words, you would never schedule a scan on clients and servers unless in a disaster scenario?

regards

LANIAC

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

We had false positives with DAT 5708 (Generic Dropper.jj). Logged a case but havent heard anything yet.
PhilR
Level 12
Report Inappropriate Content
Message 6 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files


There's been three or four false-positives over the last fortnight.

It seems that virusscan is likely under those circumstances to delete more non-malware than malware on a scheduled scan.

That makes me classify on-demand scanners as "Potentially Unwanted Programs" 🙂

Your risk analysis may differ from mine, however.

Cheers,

Phil
LANIAC
Level 7
Report Inappropriate Content
Message 7 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Ok. Thank you guys for all the replies to my thread. I also made a case at McAfee support but unfortunately without a reply yet. I will keep you informed when I got a first answer from the support team. Nevertheless, as already mentioned, I am almost sure that this was a false positive detection from the McAfee engine and also the comments from david.noble and jsuuronen underline this.

regards

LANIAC
DV27
Level 7
Report Inappropriate Content
Message 8 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

We had a Autorun.inf deleted from a legit VMWare install zip file on Saturday morning.

McAfee have been very sloppy as of late re DATs.
tonyb99
Level 13
Report Inappropriate Content
Message 9 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

its getting almost as bad as CA