Regis
Message 1 of 6

Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

Just a heads up - if you have Quest software in your shop (for SQL interaction),  I'm seeing false positive detections of Generic.dx!bbxl on qwer.exe, one of their remote execution plugins.

I'll be able to pull samples and report them to avert tomorrow.

Accepted Solutions
Regis
Message 6 of 6

Re: Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

I too engaged McAfee support, and it seems McAfee has followed 13 other vendors over the cliff on this one.

Research's first response was "13 other vendors agree--we won't call it a false positive." Which of course would be a reasonable response if they thought I were reporting this for my health and didn't know what I was talking about. Correspondingly, support was obliged to encourage me to add it to on-access scan exceptions (relatively easy and in fact we'd already done this) as well as the multiple places where I have various on-demand scan tasks (which is where this new one bit us--okay, now I'm irritated). It's irritating because the qwer.exe I'm seeing on a few systems here that are affected by this false positive was shipped with a 2005 release of Quest Central 5.0.1 and unchanged in several succeeding releases. This software has been around for 6 years. It's not malware. And no, first assigned support tech, it's not okay to close this case with this information because you haven't solved my problem (okay now I'm angry). *sigh*

Furthermore, the software is old enough that it's out of support with Quest, so even the vendor couldn't give me md5/sha1 sums on it, which left me to spin up a virgin VM and dig up install media to gather up the info, as the software vendor themselves calls it long out of support and couldn't help me with an md5sum. And no, gentle McAfee, we're not going to pay additional support to Quest to upgrade functional 6-year-old software with no public vulnerabilities just to work around your recently broken signature on Generic.dx!bbxl.

And so, I've sent the original file to McAfee for an escalation back to research. And they're working it back through the process. And monitoring this thread, perhaps.

Here are the checksums of the original Quest qwer.exe as installed by Quest Central 5.0.1 (and stayed the same apparently for several releases thereafter).

$ sha1sum.exe *.exe
b83b2c29dcae40690994d1ee253ba2b4beb3939c *qwer.exe

$ md5sum.exe *.exe
b0690f1904043af64f90f45e948d95d5 *qwer.exe
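
An added example, not part of the original post and not McAfee or Quest tooling: a scan exclusion keyed on a file name or path also covers any other file that later appears under that name, so each copy of qwer.exe can be checked against the checksums posted above before it is excluded. The function names and the search root are assumptions made for this sketch.

```python
import hashlib
import os
import sys

# Checksums of the original Quest Central 5.0.1 qwer.exe, as posted above.
KNOWN_GOOD = {
    "sha1": "b83b2c29dcae40690994d1ee253ba2b4beb3939c",
    "md5": "b0690f1904043af64f90f45e948d95d5",
}


def file_digests(path, chunk_size=1 << 20):
    """Return {'sha1': ..., 'md5': ...} for a file, reading it once in chunks."""
    sha1, md5 = hashlib.sha1(), hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
    return {"sha1": sha1.hexdigest(), "md5": md5.hexdigest()}


def classify(path, known=KNOWN_GOOD):
    """'match' only if BOTH digests agree with the known-good values."""
    try:
        got = file_digests(path)
    except OSError:
        return "unreadable"  # locked or quarantined: do not assume it is fine
    return "match" if got == known else "MISMATCH"


def audit(root, filename="qwer.exe", known=KNOWN_GOOD):
    """Walk root and classify every file named `filename` (case-insensitive)."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == filename.lower():
                full = os.path.join(dirpath, name)
                results[full] = classify(full, known)
    return results


if __name__ == "__main__":
    # Search root is an assumption; pass the install directory as argument 1.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in sorted(audit(root).items()):
        print(f"{verdict:10} {path}")
```

A copy reported as MISMATCH or unreadable is not the file these checksums describe and should stay subject to scanning.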

5 Replies
jgs
Message 2 of 6

Re: Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

Been noticing issues with 6550/6551 as well. 

OPCTest.exe is detected as a false positive.  It looks like some RSLinx dll might be as well.

ws65711
Message 3 of 6

Re: Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

JGS -

I am seeing this issue also with OPCTest.exe which is part of Rockwell Software RSLinx. McAfee detects OPCtest.exe as containing a trojan, and subsequently there is an error starting RSLinx and/or attempting to do a "Who" in RSLinx. This all just started yesterday (12/06/11) with an update to the McAfee AntiVirus Plus data file.

Have you found a solution to this?   Our customers will not allow our notebooks onto the plant floor without working virus protection.

jgs
Message 4 of 6

Re: Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

I called in to McAfee support, and they recommended creating an exclusion of **\OPCTEST\** for On-Access.  I also received an extra.dat file which will suppress the OPCTest detection.  I can provide the file, but as usual it's better to get it directly from the trusted source.

I can't confirm that this worked for me, right now we have On-Access disabled.  The tech I talked to said these instructions solved the issue for a couple other call-ins, so they should work.

Hope this helps,

Message was edited by: jgs
-Fixed my horrible grammar... on 07/12/11 3:04:36 CST PM
ws65711
Message 5 of 6

Re: Quest software - qwer.exe false positive Generic.dx!bbxl, noticed in dat 6550

JGS -

Thanks.   We ended up installing a different release of RSLinx (which contains a different OPCTest.exe file) and that is currently working for us.
