cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 9

Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Hi guys,

our McAfee on demand scanner has deleted several autorun.inf files on our files servers over weekend. I am pretty sure, that this has happened by accident because all of these files are stored on our server since many months and are also scanned several times before.
The scanner claims to have a "Generic!atr" found in autorun.inf for example in VMWare Virtual Center 2.5 Folder.
Does anyone have seen similar issues with scans when the DAT 5709 is used? Thank you very much for your responses in advance.

PS: We are using VSE 8.5 with engine 5301.4018

kind regards

LANIAC

Moved from home products - MOD
Tags (2)
8 Replies
Highlighted

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

I saw this as well..

Actual Threat Names: Generic!atr
Affected Objects: c:\VMware-VIMSetup-2.5.0-U3-English\autorun.inf
First Event Time: 8/14/09 7:09:44 PM
Highlighted
Level 12
Report Inappropriate Content
Message 3 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Given the potential damage done by "disinfecting" false-positives like this, why do scheduled scans, anyway? They are a recipe for disaster.

Phil
Highlighted
Level 7
Report Inappropriate Content
Message 4 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

so in other words, you would never schedule a scan on clients and servers unless in a disaster scenario?

regards

LANIAC
Highlighted

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

We had false positives with DAT 5708 (Generic Dropper.jj). Logged a case but havent heard anything yet.
Highlighted
Level 12
Report Inappropriate Content
Message 6 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files


There's been three or four false-positives over the last fortnight.

It seems that virusscan is likely under those circumstances to delete more non-malware than malware on a scheduled scan.

That makes me classify on-demand scanners as "Potentially Unwanted Programs" 🙂

Your risk analysis may differ from mine, however.

Cheers,

Phil
Highlighted
Level 7
Report Inappropriate Content
Message 7 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

Ok. Thank you guys for all the replies to my thread. I also made a case at McAfee support but unfortunately without a reply yet. I will keep you informed when I got a first answer from the support team. Nevertheless, as already mentioned, I am almost sure that this was a false positive detection from the McAfee engine and also the comments from david.noble and jsuuronen underline this.

regards

LANIAC
Highlighted
Level 7
Report Inappropriate Content
Message 8 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

We had a Autorun.inf deleted from a legit VMWare install zip file on Saturday morning.

McAfee have been very sloppy as of late re DATs.
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 9 of 9

RE: Scheduled Scan with DAT 5709 has deleted some autorun.inf files

its getting almost as bad as CA

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community