Mart
(KiX Supporter)
2017-02-07 11:33 AM
Compiled scripts detected as malware by McAfee/Intel security

Please be aware that since last Sunday (Feb 5 2017) compiled KiX scripts are seen as malware by McAfee/Intel security. We experienced some issues due to this and contacted our consultancy company to assist and contact McAfee/Intel security to get this fixed. Samples have been sent and are being analyzed by the techs at the moment. They expect to release an ExtraDAT or (depending on the time) incorporate the fix directly in the regular DAT releases.

It is a generic detection without any specific malware associated with it, but the defense mechanisms are triggered and the file is blocked or removed depending on your settings.

Below is the detection we had. The part after the exclamation mark will be different depending on the application that is blocked/deleted.
Quote:

....
List of Detected Threats: GenericR-JFN!1A28C854203E
....

System details: Win7 SP1, Kix 4.67, editor and compiled in ASE.


AllenAdministrator
(KiX Supporter)
2017-02-07 02:56 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

Tokenized scripts?

Mart
(KiX Supporter)
2017-02-07 05:14 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

Not sure. I did not test with tokenized scripts. In ASE you can compile it to an exe. The combination of the script and kix32.exe or wkix32.exe triggers AV software with the current DAT from McAfee/Intel security. The script or wkix32 or kix32 do not trigger it, but the combination does.

AllenAdministrator
(KiX Supporter)
2017-02-07 05:18 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

I don't have any customers that use McAfee. I use Kix2exe (which is probably similar to the ASE) quite a bit. Curious if they are treating K2E the same way?

ShaneEP
(MM club member)
2017-02-07 09:20 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

I have seen false negatives with kix2exe packaged scripts. I don't remember for sure if it was McAfee, but more than likely. Something about an exe launching another exe tends to seem suspicious.

Mart
(KiX Supporter)
2017-02-08 04:37 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

This issue seems to be fixed with DAT 8432.0000 (Feb 7 2017). I'll double check with the techs at McAfee to be sure.

Mart
(KiX Supporter)
2017-02-09 10:11 AM
Re: Compiled scripts detected as malware by McAfee/Intel security

Sorry, but this is not fixed in DAT 8432.0000. McAfee/Intel techs are still investigating this.

Arend_
(MM club member)
2017-02-09 11:33 AM
Re: Compiled scripts detected as malware by McAfee/Intel security

Interesting, can you test by putting wkix32.exe and the script together in a self-extracting and executing 7-zip file? (That's pretty much how most packagers do it anyway.)

Mart
(KiX Supporter)
2017-03-15 01:15 PM
Re: Compiled scripts detected as malware by McAfee/Intel security

It took some time to get it done, but the detections below have been marked as safe and will be ignored by McAfee/Intel. These were the detections we had.

GenericR-JFN!1A28C854203E
GenericR-JFN!77E0941BC5BB
GenericR-JFN!AA6A86D675DE