T-612: False Positive Detection Generic.dx!yxk in DAT 6329

April 29, 2011 - 7:47am

PROBLEM:

Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.

PLATFORM:

McAfee VirusScan Enterprise: For details of all supported operating systems, see KB51109.

Corporate KnowledgeBase ID: KB51109

ABSTRACT:

This issue can affect all McAfee anti-virus products utilizing this DAT; however, it will manifest itself only on endpoints such as VirusScan. Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.

REFERENCE LINKS:

Corporate KnowledgeBase: KB51109
McAfee Product & Technology Support Lifecycle

IMPACT ASSESSMENT:

High

Discussion:

Detection name(s) causing the false positive: Generic.dx!yxk
File Name(s): Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.

Solution:

Solution 1 - McAfee has posted the 6330 DAT files, and recommends applying these DATs as soon as possible.
Solution 2 - The following remediation tools are available:
* EXTRA.DAT: please see the KnowledgeBase article in the Extra.zip file. This negative extra DAT is used to suppress detection.
* SDAT_EM.exe: please see the KnowledgeBase article in the SDAT_EM.zip file. This SuperDAT can be deployed directly through McAfee ePolicy Orchestrator (ePO).
* sdatInstaller.msi: please see the KnowledgeBase article in sdatInstaller.zip. This can be deployed via a Group Policy if you have Active Directory as described below.