1 2 Previous Next 11 Replies Latest reply on May 29, 2012 3:57 PM by mjmurra

    "PUP Scan Summary" pop-up after scan

      On some VSE 8.8 On-Demand scans that involve multiple PUP detections, I get the following pop-up at the end of the scan. Is there a way to surpress this alert?

       

       

      vse.jpg

      The scan report looks like:

       

      Scan Started    <PC\User>    On-Demand Scan

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\BulletsPassView.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\dialupass.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\astlog.exe    Generic PUP.z (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\iepv.exe\iepv.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\PasswordFox.exe\PasswordFox.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\netpass.exe\netpass.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\OperaPassView.exe\OperaPassView.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\mailpv.exe    Artemis!E4E05D381954 (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\mspass.exe\mspass.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\ChromePass.exe\ChromePass.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\pspv.exe    PWCrack-PassView (Password Cracker)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\rdpv.exe    Generic PUP.x (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\VNCPassView.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\ProduKey.exe\ProduKey.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\PstPassword.exe\PstPassword.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\SniffPass.exe\SniffPass.exe    Tool-PassView (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\RouterPassView.exe    Artemis!5E48E6661375 (Potentially Unwanted Program)

      No Action Taken     <User>    ODS    C:\apps\Nirsoft\WirelessKeyView.exe\WirelessKeyView.exe    Tool-PassView (Potentially Unwanted Program)

      Scan Summary    <PC\User>    Scan Summary

      Scan Summary    <PC\User>    Processes scanned    : 0

      Scan Summary    <PC\User>    Processes detected   : 0

      Scan Summary    <PC\User>    Processes cleaned    : 0

      Scan Summary    <PC\User>    Boot sectors scanned : 1

      Scan Summary    <PC\User>    Boot sectors detected: 0

      Scan Summary    <PC\User>    Boot sectors cleaned : 0

      Scan Summary    <PC\User>    Files scanned        : 79

      Scan Summary    <PC\User>    Files with detections: 18

      Scan Summary    <PC\User>    File detections      : 18

      Scan Summary    <PC\User>    Files cleaned        : 0

      Scan Summary    <PC\User>    Files deleted        : 0

      Scan Summary    <PC\User>    Files not scanned    : 0

      Scan Summary    <PC\User>    Scan Summary (Registry Scanning)

      Scan Summary    <PC\User>    Keys scanned         : 0

      Scan Summary    <PC\User>    Keys detected        : 0

      Scan Summary    <PC\User>    Keys cleaned         : 0

      Scan Summary    <PC\User>    Keys deleted         : 0

      Scan Summary    <PC\User>    Scan Summary (Cookie Scanning)

      Scan Summary    <PC\User>    Cookies scanned      : 0

      Scan Summary    <PC\User>    Cookies detected     : 0

      Scan Summary    <PC\User>    Cookies cleaned      : 0

      Scan Summary    <PC\User>    Cookies deleted      : 0

      Scan Summary    <PC\User>    Run time             : 0:00:04

      Scan Complete    <PC\User>    On-Demand Scan

       

      Message was edited by: mjmurra on 26/04/12 6:02:34 AM
        • 1. Re: "PUP Scan Summary" pop-up after scan
          greatscott

          Find the On Demand Scan Task User Interface on the system you are scanning, then under the Actions tab and Reports tab, you can modify your alerting.

           

          Additionally, if you are managing several systems via ePO, go to the system tree -> client tasks -> the On Demand Scanning task that you are running, then from here you can customize your alerts as well for all the systems you are managing via the task.

          • 2. Re: "PUP Scan Summary" pop-up after scan

            greatscott wrote:

             

            Find the On Demand Scan Task User Interface on the system you are scanning, then under the Actions tab and Reports tab, you can modify your alerting.

             

            Additionally, if you are managing several systems via ePO, go to the system tree -> client tasks -> the On Demand Scanning task that you are running, then from here you can customize your alerts as well for all the systems you are managing via the task.

             

            I don't think you understand the issue. This is not a generic alert, but a particular issue with VSE when scanning certain PUP files.

            • 3. Re: "PUP Scan Summary" pop-up after scan
              sbenedix

              If you start it interactive (press the "play" button) thats what happens not configurable through the UI afaik, I would check if the command line has something to offer (don't know of the top of my head if there is something)

               

              My 2 cent. :-)

              • 4. Re: "PUP Scan Summary" pop-up after scan

                Ok, nobody "gets" what the problem is. It's a bug in VSE - not a misconfiguration, nor the way the scan is set up.

                • 5. Re: "PUP Scan Summary" pop-up after scan
                  sbenedix

                  Alright, alright, can you provide clear steps on how you reproduce this behaviour? Include steps on how to you start the scan, an export of your hklm\software\mcafee hive would be interesting as well :-) (sanitize IPs and machinenames if required). Never seen such a popup, would have thought that comes as part of the interactive start, apparently thats not the case. It certainly does not look like a bug (incorrect or broken functionality), if at all it's a feature, even though unexpected.

                  • 6. Re: "PUP Scan Summary" pop-up after scan

                    You should be able to replicate it easily by doing the following:

                     

                    Download the NirSoft zip package here: http://launcher.nirsoft.net/download.html (Note they are password recovery tools).

                     

                    Right click zip file, Scan, Continue.

                     

                    <removed registry settings. Too much waste of space>

                     

                    Message was edited by: mjmurra on 29/05/12 9:15:23 PM
                    • 7. Re: "PUP Scan Summary" pop-up after scan
                      andy_judge

                      Hi

                      I think I understand the problem here

                       

                      VSE8.8 is detecting the tools as 'Potentially-Unwanted-Programs'  ie they're not a virus but may be unwanted.

                       

                      This is normal for the SW if the PUP detection is switched on & set to scan for the various PUPs available. & an ODS scan will be configured to detect them by default.

                       

                      What you need to do is configure the ODS(& maybe On-Access Scan) settings to exclude this particular toolset from the scanning process.

                       

                      Is the toolset only installed on certain machines or everywhere ? a blanket exclude may not be the best solution as the PUP may be wanted by people such as security/sys Admins but in the wrong hands could cause issues.

                       

                      If you can post back on here with some more information I'm sure we'll be able to help better, maybe the info I've given will give you the steer you need,

                      • 8. Re: "PUP Scan Summary" pop-up after scan

                        The problem *isn't* that McAfee detects the files, or that I  want McAfee to *not* detect the files. I know exclusions well.

                         

                        The issue is the pop-up which appears at the end of the Scan. This should not be occuring, and doesn't occur for other detection types.

                         

                        It is a bug in the VSE product as best as I can tell, or an issue with the detection drivers causing the issue. Best guess is some leftover code from the old PUP add-on module is causing the issue.

                        • 9. Re: "PUP Scan Summary" pop-up after scan

                          Ok, perhaps this may explain things a little bit better....

                           

                          If I scan a set of files, and there are less than 10 "Tool-PassView" detections, there is no additional PUP pop-up at the end of the scan (McAfee1.jpg)

                           

                          If however, there are 10 or more "Tool-PassVIew" detections, an additional pop-up appears (McAfee2.jpg).

                           

                          Does this explain what I am seeing, and the bug that exists????

                          1 2 Previous Next