1 Reply Latest reply on Feb 3, 2009 6:06 PM by Gazz300

    False Detection


      Today with the 5514 dat files I am seeing VSE85 detect anything packaged with the SMS packaging tool (16 or 32 bit) as Reboot-BE. I submitted to Avert platinum. Had to surpress alerts and change the DATs in use to previous and disable the DAT Pull task.

      With that, I can’t believe that we are the only company that uses SMS packager.

      I just finished some testing with SMS installer and found that it does not matter if the package is made with 16 or 32 bit mode. So at this point, we are a fish out of water as there is no fix that we can do (short of repackaging with a different packager – which would be a lot of work).

      Based on this info, I believe that McAfee is targeting this based on the way that SMS installer packages work.

      Whats the best way to address this and has anyone else seen this?


        • 1. RE: False Detection

          > Hello,
          > In order to address an incorrect identification of Reboot-be
          > discovered in the current DATs, today's DATs will be released later
          > than normal. Current ETA for today's DAT release is approximately
          > 3:00 PM Central time.
          > Information on the incorrect identification:
          > Detection: Reboot-be
          > File Name: uninstall.exe
          > File Size: 124Kb
          > File MD5: 316da0a00f1d23fe96e61122fe8384cfd