4 Replies Latest reply on Jul 15, 2008 12:54 PM by ponchovarela21

    VirusScan 8.5i and MS Java virtual machine

      Hi All,

      I have an issue with VirusScan 8.5i and MS Java virtual machine.... In some machines we have installed MS Java Virtual Machine and Sun Java because for some SW we need to have installed the MS Java Virtual Machine.... So in those machines, I just made the upgrade to the VirusScan 8.5i Patch 4 and everytime that some web application use the MS Java Virtual Machine appear the foolowing message

      Rule name: IE Buffer Overflow
      Process to include: blank
      Process to exclude: BO:Writable BO:Heap
      File or folder: C:\Program Files\Internet Explorer\iexplore.exe

      I was searching in the knowledge DB of McAfee and I found that the VirusScan detect the msjava.dll like a threath and McAfee said that it is not a flase positive.

      https://knowledge.mcafee.com/SupportSite/search.do?cmd=displayKC&docType=kc&exte rnalId=614446&sliceId=SAL_Public&dialogID=23596436&stateId=1%200%2023586949

      Since McAfee said that it is not a false positive and they will not do nothing to solve it and MS doesn't give support of Java Virtual Machine anymore because the product is end of life.... So anyone can solve this issue in someway?

      Upgrade to the patch 6 doesn't work

      Thanks in advance
        • 1. RE: VirusScan 8.5i and MS Java virtual machine
          Exclude the file from detection..

          Generally, Exclude it by opening the VirusScan console and right click Access Protection. Choose View Log. Check to see the exact file name and rule for the block. The process that is being blocked will be the program you need to remember. You can then change the settings in the "Access Protection" section by altering the rule or you can sometimes add this to the exceptions by right clicking "Buffer Overflow Protection" listing, then adding the full listing in the "Exclusions" section.

          Hope this helps.

          • 2. RE: VirusScan 8.5i and MS Java virtual machine
            Dear Grif,

            thanks for your feedback... Like you said I try to exlcude the msjava.dll file of the scanning but it didn't work, the only way that work if I exclude the process iexplore.exe from the buffer over flow protection but for our organization we can not exclude this process becuase it's a big hole of security. I can not add the msjava.dll file like buffer over flow protection because these exclusions are only for process.

            Thanks again for your feedback
            • 3. RE: VirusScan 8.5i and MS Java virtual machine
              Eliminating "iexplore.exe" from the Buffer Overflow Protection isn't really "a big hole of security".. Excluding it from Buffer Overflow Protection doesn't mean that it's excluded entirely from Virus or Spyware scanning.. Internet Explorer still gets scanned using the "On Access Scanner" even if it's removed from BOP. On-Access Scanner options are separate from BOP and items such as "Script Scanning" are still enabled and if malware is ever "written-to" or "read from" the hard drive McAfee will still detect it..

              It's a choice that only you and your organization can make, but there are a number of companies that disable Buffer Overflow Protection entirely..

              Hope this helps.

              • 4. RE: VirusScan 8.5i and MS Java virtual machine
                Hi Grif,

                thanks for your feedback, i will check this option