More False Positives from McAfee

McAfee Antivirus is falsely detecting VNC remote control software as malware and deleting it upon detection. This is causing a major problem for a lot of remote management tools that rely upon this popular open source software to operate.

If you are using McAfee on your network, you can use the following detection log as a checklist of files that need to be added to your “exclusion list” inside your antivirus properties.

You may also want to look into your McAfee settings for ways to change the default action from DELETE to LOG. We’ve notified McAfee of this problem and are awaiting a response. If this problem is affecting you, please contact them at vendor_questions@mcafee.com.

9/19/2008 11:30:01 AM Scan Started BMSANWS4LZ13D1SYSTEM (managed) VirusScan 8.5 on demand friday scan
9/19/2008 11:36:51 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4LOGMESSAGES.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:51 AM Deleted SYSTEM c:fastpushvnc7realvnc4logmessages.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4VNCCONFIG.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:fastpushvnc7realvnc4vncconfig.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4WINVNC4.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:fastpushvnc7realvnc4winvnc4.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4WM_HOOKS.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:fastpushvnc7realvnc4wm_hooks.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM C:FASTPUSHVNC7ULTRAWINVNC.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM c:fastpushvnc7ultrawinvnc.exe RemAdm-VNCView(Remote Admin Tool)
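
To turn a log like the one above into an exclusion checklist, the following Python is an added example, not part of the original post or of any McAfee tooling. The sample lines are a subset copied from the log above exactly as they appear there; the function names, and the assumption that each detection ends the line in the form Name(Category), are this example's own.

```python
import re

# Subset of the detection log above, copied exactly as it appears on this page.
SAMPLE_LOG = """\
9/19/2008 11:30:01 AM Scan Started BMSANWS4LZ13D1SYSTEM (managed) VirusScan 8.5 on demand friday scan
9/19/2008 11:36:51 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4LOGMESSAGES.DLL RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:51 AM Deleted SYSTEM c:fastpushvnc7realvnc4logmessages.dll RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM C:FASTPUSHVNC7REALVNC4VNCCONFIG.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:52 AM Deleted SYSTEM c:fastpushvnc7realvnc4vncconfig.exe RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM C:FASTPUSHVNC7ULTRAWINVNC.EXE RemAdm-VNCView(Remote Admin Tool)
9/19/2008 11:36:53 AM Deleted SYSTEM c:fastpushvnc7ultrawinvnc.exe RemAdm-VNCView(Remote Admin Tool)
"""

# Assumed layout: timestamp, action, account, path (may contain spaces),
# then the detection written as Name(Category) at the end of the line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>\w+)\s+(?P<account>\S+)\s+"
    r"(?P<path>.+?)\s+(?P<name>\S+?)\((?P<category>[^)]*)\)\s*$"
)

def parse_line(line):
    """Return the fields of one detection line, or None for any other log line."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def exclusion_candidates(log_text, category="Remote Admin Tool"):
    """Unique deleted paths in one detection category, in first-seen order.

    The log reports each file twice (upper and lower case), so paths are
    de-duplicated case-insensitively, as Windows treats them.
    """
    seen = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["action"] != "Deleted" or rec["category"] != category:
            continue
        entry = seen.setdefault(
            rec["path"].casefold(),
            {"path": rec["path"], "name": rec["name"], "hits": 0},
        )
        entry["hits"] += 1
    return list(seen.values())

if __name__ == "__main__":
    for c in exclusion_candidates(SAMPLE_LOG):
        print(f'{c["hits"]}x  {c["name"]:<16} {c["path"]}')
```

Filtering on the category keeps the checklist limited to the "Remote Admin Tool" detections, so a real virus detection in the same log is never turned into an exclusion.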

  • The_Frapster

    I ran this update at work, and CA also lists it as a virus. I went home, downloaded the demo, and Avira also lists this as a virus. Ran on my XP machine, with Eset, and it didn’t detect anything. So I am in a quandary here: 2 out of my three AVs say something’s there.

  • Steve

    Yea, this is quite frustrating. This happens from time to time. VNC is a remote desktop control tool so I understand why a desktop security package would like to bring that to your attention in case you didn’t know that it was installed but this is just excessive and destructive.

    The VNC community has been playing whack-a-mole between the antivirus vendors for years. One vendor fixes it and then it shows up on another one. Three months later, it’s back on the first one again.

    It is worth noting that it’s not calling it a virus. It’s calling it a “Remote Admin Tool” … and then deleting it.

  • Steve

    Here’s an example of how far back this goes: http://www.realvnc.com/pipermail/vnc-list/2001-February/020152.html