3 Replies Latest reply on Jan 3, 2008 8:25 AM by jjbova

    IE error new for JAN 08

      I noticed today (Jan 03 2008) that we have had a HUGE increase of JS/Exploit-BO (IE errors) by numerous workstations. We have about 5000 nodes on our network, all running VirusScan 8.0i, and we are using ePO 3.6.1 to manage them. The latest DAT before we got flooded with all these errors is DAT 5197.

      I was wondering, is there a way to check what was included in the DAT that might have made it include this? Also, is there a way to exclude this in ePO (I will post this in the enterprise thread too)? I will include a copy of the errors. If you need any more info, please ask. Thanks.


      *Message Generated by ePO*

      Time/ Descrpt------- 1/3/08 8:07:22 AM - JavaScript security violation detected and blocked
      Computer/IP--------- _ - *IP Removed*

      INFO------------------ 3 - *computer name removed* -

      Affected objects------ Script executed by iexplore.exe

      Threat name---------- JS/Exploit-BO
        • 1. RE: IE error new for JAN 08
          We also received reports of this error yesterday.

          Below is an email that I received from McAfee regarding this false positive.

          The 5198 DAT files have been released early due to a DAT Issue Emergency with the %version% DAT Files.

          The reason for this DAT Issue Emergency is a false detection (JS/Exploit-BO) on certain javascript files.

          The various 5198 DAT file packages can be found at http://www.mcafee.com/apps/downloads/security_updates/dat.asp

          I noticed that our EPO server pulled the 5198 DAT file into the repository at around 4pm yesterday. This 5198 DAT is supposed to fix this issue.
          • 2. RE: IE error new for JAN 08
            Awesome, thanks for the quick response. I was already downloading the new DAT (it's about half way through). I will let you know if this fixed it.
            • 3. RE: IE error new for JAN 08
              This does seem to have fixed the issue (we tested it on a few workstations and they are good).

              Now I have a new question: is there a command line that will force the update? I thought there was something like c:/frmpkg.exe /update=force or something like that. I can't remember though. We have a script that we can run that hits all our workstations, and we want to update these DATs on the workstations ASAP. Thanks.