0 Replies Latest reply on Jan 29, 2008 2:55 AM by saulins

    On Access Scan - Script Execution Blocked for company helpdesk application

      Hello .

      Our company starts to use helpdesk application:
      http://www.oneorzero.com/

      Whenever user goes to login page the Mcafee VirusScan Enterprise On Access Scaner gives an "VirusScan Alert!"

      These are records which are generated each time in ONAccessScanLog.txt:

      1/29/2008 10:22:12 AM Script execution blocked username iexplore.exe(http://helpdesk.domain.com/index.php) Script executed by iexplore.exe Exploit-IFrame (Trojan)
      1/29/2008 10:24:01 AM Deleted (Clean failed) domain\username C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\WHQ7OH6Z\index[2].php\index[2]\00000f07.js Exploit-IFrame (Trojan)
      1/29/2008 10:24:02 AM Deleted AIRBALTIC\rpl C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\WHQ7OH6Z\index[1].htm\00000f07.js Exploit-IFrame (Trojan)

      i can't find the way how to exclude this from OAS that ist thas not those fault messages. I even try to add JS filetype exclusions or the script name - 00000f07.JS to file name exclusions but the result is the same. Even if I disable the ScriptScan option -result the same. Howeever this ofcaurse could not be the solution.

      How could I configure to exclude those alert messages exactlly from that URL.

      This works fine if I do not use IE but Opera or Firefox.

      We ePolicy Orcester 4.0, VSE 8.5.0.781, ePolicy Orchester Agent 3.6.0.546