Hello,
A file copied by DevExpress has been identified as a Trojan by McAfee at one of our clients' sites (see below).
It is confirmed by VirusTotal (see attachment).
Can you do something about it?
Thanks,
Martin
----------------------------------------------------------------------------------------------------------------------
Subject: "Malware detected and not handled" events received
Importance: High
ePolicy Orchestrator Notification
Analyzer Method: OAS
Threat Type: Trojan
Threat Severity: Alert
Threat Action Taken: deleted
Response Name: Malware detected and not handled
Event Type Name: Threat
Defined at: My Organization
System Location:
Description: Sends an e-mail notification when "Malware detected and not handled" events are received.
Number of events: 1
Source IPV6 addresses:
Source IPV4 addresses:
Threat Names: GenericRXCT-AM!FF526CA867DC
Threat Process Name:
Detecting Product Names: VirusScan Enterprise
Target File Name: C:\Users\Public\Documents\DevExpress Demos 15.2\Components\WinForms\Bin\PivotGridOlapBrowser.exe
Hi Martin,
Thank you for reaching out to us.
What DevExpress version are you using? I've tested the PivotGridMainDemo.exe file from the latest build 15.2.16 (it's attached) and VirusTotal confirmed it's safe (VirusTotal report). What looks confusing is that my file is 440.5 KB, while your file is four times smaller.
Hello,
The problem is with PivotGridOlapBrowser.exe!
We use 15.2.something (I can't see it now).
Thanks
15.2.10
We are also seeing this in version 16.2.4; please see attached screenshots.
This has also been confirmed as a virus by our internal IS department as a Trojan.
My whole development team is now offline as a precaution.
This is urgent; can you look into this right away, please?
Hello Martin, Scott,
I first wanted to emphasize that you can trust the content you're receiving from DevExpress. As you may already know, our installation files are digitally signed and have been checked for viruses prior to distribution.
If these files were provided by our installer and were not patched by any third-party, then I am almost sure that this is a false positive.
I am going to prepare information about the file versions that you mentioned and publish it soon, so you can compare it with the files installed on your machine.
In the meantime, you may wish to check the application you have on your machine on the VirusTotal website by Google.
Thanks,
Stan
Hello,
I have finally managed to reproduce this false positive issue on the VirusTotal website. So far we have the following list of files that were reported as infected:
15.2.10 - PivotGridOlapBrowser.exe; Size: 108 KB (111,104 bytes); MD5: ff526ca867dc26ef348d9645ed18eeed - testing results (indicated by TrendMicro)
16.1.8 - PivotGridOlapBrowser.exe; Size: 108 KB (111,104 bytes); MD5: 220ca8765141d05c4ae9b014c2a578b0 - testing results (already clean)
16.2.4 - PivotGridOlapBrowser.exe; Size: 108 KB (111,104 bytes); MD5: 0b6cc218d66d8de94311f7fc4ff07c48 - testing results (already clean)
17.1.6 - PivotGridOlapBrowser.exe; Size: 108 KB (111,104 bytes); MD5: 5fe657f170b638ebbf823e284c7fb9fc - testing results (indicated by SentinelOne)
We will contact the corresponding vendors and do our best to resolve this odd issue as soon as possible. I will keep you informed about any results we receive.
In the meantime, I suggest you whitelist these applications, because I am sure that this is a false positive. In particular, we have tried to build the same demo application from source code in debug mode (it is included in the installation) and received the same alarm. I believe that this alarm will disappear in a couple of days.
Thanks,
Stan
Just a follow-up. We have contacted both vendors, TrendMicro and SentinelOne, but have not received any response yet. I hope that this weird issue will be addressed in a few days. I will let you know when these files have been whitelisted.
I would like to note that PivotGridOlapBrowser is a sample project that is built from the source code shipped with the installation. The source code is placed in the neighboring folder: "C:\Users\Public\Documents\DevExpress YYYY.X Demos\Components\WinForms\CS\PivotGridOlapBrowser". Technically, you can delete this file without any risk and rebuild it from the source code.
Should you have any additional questions in this regard, just drop me a line.
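A small triage script, added here as an example and not DevExpress's own tooling, that applies the checks from Stan's posts: it hashes a local copy of PivotGridOlapBrowser.exe, compares the MD5 and the 111,104-byte size against the builds listed above, and reports the SHA-256 for a VirusTotal lookup. The PE header sanity check and the constructed sample bytes are assumptions of mine, not part of the thread.

```python
"""Triage a local PivotGridOlapBrowser.exe against the hashes DevExpress published."""
import hashlib
import struct

# Version, MD5 and status exactly as listed by DevExpress support in this thread.
KNOWN_BUILDS = {
    "ff526ca867dc26ef348d9645ed18eeed": ("15.2.10", "flagged by TrendMicro, later cleared"),
    "220ca8765141d05c4ae9b014c2a578b0": ("16.1.8", "clean"),
    "0b6cc218d66d8de94311f7fc4ff07c48": ("16.2.4", "clean"),
    "5fe657f170b638ebbf823e284c7fb9fc": ("17.1.6", "flagged by SentinelOne"),
}
EXPECTED_SIZE = 111_104  # every listed build is 108 KB (111,104 bytes)


def looks_like_pe(data: bytes) -> bool:
    """Minimal PE sanity check: 'MZ' DOS header and 'PE\\0\\0' at e_lfanew (my addition)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(data: bytes) -> dict:
    """Return hashes, size and a defender-side verdict for the file contents."""
    md5 = hashlib.md5(data).hexdigest()
    result = {
        "md5": md5,
        "sha256": hashlib.sha256(data).hexdigest(),  # use this for a VirusTotal search
        "size": len(data),
        "is_pe": looks_like_pe(data),
    }
    if md5 in KNOWN_BUILDS:
        version, status = KNOWN_BUILDS[md5]
        result["verdict"] = f"matches shipped build {version} ({status}); treat as false positive"
    elif len(data) == EXPECTED_SIZE:
        result["verdict"] = "size matches but hash is unknown; file may be modified, keep it quarantined"
    else:
        result["verdict"] = "unknown file; rebuild from the shipped source and compare, or submit the SHA-256"
    return result


def triage_file(path: str) -> dict:
    with open(path, "rb") as fh:
        return triage(fh.read())


def constructed_sample(size: int = EXPECTED_SIZE) -> bytes:
    """Constructed stand-in (not a real DevExpress binary): a valid-looking PE header of the listed size."""
    data = bytearray(size)
    data[:2] = b"MZ"
    struct.pack_into("<I", data, 0x3C, 0x80)
    data[0x80:0x84] = b"PE\0\0"
    return bytes(data)
```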
Hello guys,
Just a quick follow-up while Stan is out of the office…
TrendMicro seems to have updated their definitions. PivotGridOlapBrowser.exe of version 15.2.10 is no longer detected: VirusTotal report. However, the file from version 17.1.6 is still detected by SentinelOne. We're awaiting a response from them.