Symantec Management Platform (Notification Server)

 View Only

  • 1.  Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 21, 2009 04:59 PM
      |   view attached
    Hi,

    I just got a call from the head security officer and he is wondering why aexauditpls.exe created and OAS virus alert with one of his programs.

    He downloaded nwinvestigatorsetup.exe to his desktop sometime ago, but just got this alert today and never touched the program on his desktop.

    See the attachment .... any ideas on how this happen?






  • 2.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 21, 2009 06:08 PM
    Auditpls.exe is just scanning for .exe files, and this information gets stored locally. Why McAfee choses to mark it as a virus would be better explained by them. You could try submitting a file for scanning by their tech support. Usually, real-time scanning has issues with 'very active' programs like inventory, especially during an inventory scan. If you run into this, it is recommended to exclude real time scanning from the directories that Altiris places the .nsi\.nse files in. This doesn't seem to fit your issue.


  • 3.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 21, 2009 06:20 PM
    Hi,

    If you look under application in the mcafee popup it list atlirirs as the culprit that started this and caused the OAS. I have not had this happen on any other system.
    It appears that the aexauditpls.exe some how started the program?  Does aexauditpls open this file when scanning? And why now and why not a month ago when this was downloaded?

    --


  • 4.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 21, 2009 06:29 PM
    and this really is the behavior most AV programs exhibit. Auditpls.exe has to 'open' or read the file to determine the header information to report it back. In all my years of using the programs various AV programs report this as suspcious, but only on some machines. You can run the same programs (AV\Altiris) on many computers in your environment, and you may NEVER see this issue, or more likely, just random occurences.


  • 5.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 22, 2009 12:04 PM

    Jim,

    Thanks for yor reply. I agree with you but had to get a soild answer for my boss. He is satisfied that this is nothing serious and just random occurences.

    thanks again!


     



  • 6.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)

    Posted May 22, 2009 12:24 PM
    Obviously any management product is constantly on the skyline. End users complain of slowness or are suspicious of 'big brother', and managers always are looking for a justification for the money spent. I would keep an eye on it, and let us know if it continues.


  • 7.  RE: Inventory solution creates a OAS with Virus Scan (mcafee)
    Best Answer

    Posted May 25, 2009 04:54 AM

    W32/IRCZbot.gen.z was a false positive in signature 5622.  It was corrected in signature 5623.