I have an issue with VirusScan 8.5i and the MS Java Virtual Machine. On some machines we have installed both the MS Java Virtual Machine and Sun Java, because for some software we need to have the MS Java Virtual Machine installed. On those machines, I just upgraded to VirusScan 8.5i Patch 4, and every time a web application uses the MS Java Virtual Machine, the following message appears:
Rule name: IE Buffer Overflow
Process to include: blank
Process to exclude: BO:Writable BO:Heap
File or folder: C:\Program Files\Internet Explorer\iexplore.exe
I was searching the McAfee knowledge DB and found that VirusScan detects msjava.dll as a threat, and McAfee said that it is not a false positive.
McAfee said that it is not a false positive and they will not do anything to solve it, and MS doesn't support the Java Virtual Machine anymore because the product is end of life. So can anyone solve this issue in some way?
Generally, exclude it by opening the VirusScan console and right-clicking Access Protection. Choose View Log. Check to see the exact file name and rule for the block. The process that is being blocked will be the program you need to remember. You can then change the settings in the "Access Protection" section by altering the rule, or you can sometimes add this to the exceptions by right-clicking the "Buffer Overflow Protection" listing, then adding the full listing in the "Exclusions" section.
Thanks for your feedback. Like you said, I tried to exclude the msjava.dll file from the scanning, but it didn't work. The only way that works is if I exclude the process iexplore.exe from the buffer overflow protection, but our organization cannot exclude this process because it's a big hole of security. I cannot add the msjava.dll file as a buffer overflow protection exclusion because these exclusions are only for processes.
Eliminating "iexplore.exe" from the Buffer Overflow Protection isn't really "a big hole of security". Excluding it from Buffer Overflow Protection doesn't mean that it's excluded entirely from virus or spyware scanning. Internet Explorer still gets scanned by the "On-Access Scanner" even if it's removed from BOP. On-Access Scanner options are separate from BOP, items such as "Script Scanning" are still enabled, and if malware is ever "written to" or "read from" the hard drive, McAfee will still detect it.
It's a choice that only you and your organization can make, but there are a number of companies that disable Buffer Overflow Protection entirely.