5 Replies Latest reply on Aug 17, 2011 10:13 AM by chiefcritic

    Ajax post code snippet identified as Trojan by McAfee

      Folks,

       

      Greetings.

       

      While trying to install the PPM to the existing Desktop Central Setup, McAfee threw this error.

      ManageEngine_Desktop_Central_7_0_0_SP-2_30.ppm, for Desktop Central 7 and McAfee VirusScan Enterprise 8.8 detected JS/Exploit-DialogArg.gen at this location: %DESKTOPCENTRAL_INSTALL_DIR%\webapps\DesktopCentral\WEB-INF\lib\AdventNetDesktopCentralWeb.jar\swMetering_jsp.class\0004852.js

       

      The below are the specs of McAfee used.

       

      McAfee Engine version:                5400.1158
      McAfee AntiVirus DAT version:      6427.0

       

      However, there is no such issue reported with the following AV solutions (tested and declared by different people)

       

      • Scan with Sophos 9.5.5 (Engine: 3.22.0; Database: 4.68G, 167 update files). No virus or exploit found.
      • SEP (Symantec) has no issues
      • Trend Micro Worry Free had no issues with it.

       

      Here is the result from VirusTotal

       

      • File name: AdventNetDesktopCentralWeb.ujar
      • Submission date: 2011-08-04 13:26:39 (UTC)
      • Current status: finished
      • Result: 2/42 (4.8%)

       

      http://www.virustotal.com/file-scan/report.html?id=694a9a5b054938ee1ad8cf121ffbf10710369bc120c6bbf736293c9e9e8e0170-1312464399#

       

      Why is this false positive alarm from McAfee? What's happening?

       

      regards

      romanus

      http://www.desktopcentral.com

       

      Message was edited by: chiefcritic on 8/11/11 6:27:40 AM CDT

       

      Message was edited by: chiefcritic on 8/12/11 4:13:43 AM CDT