Hello,
Following the WAPT update from 1.3 to 1.5, we are experiencing detection/blocking by our antivirus software after attempting to update agents on workstations. We will implement a solution, but the goal is to inform users and potentially gather feedback.
Trend Micro Officescan Server XG Build 1315
# Detection 1: The detected malware is Mal_Mlwr-13 https://www.trendmicro.com/vinfo/us/thr ... al_Mlwr-13
# Detection 2: Unauthorized file encryption C:\Windows\Temp\is-L7N1A.tmp\waptagent.tmp (triggered by "c:\windows\temp\waptagent.exe")
# Detection 3: waptconsole.exe
% Thank you in advance for your feedback
WAPT 1.5 vs Antivirus
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Hello,
Referring to the morning post titled "WAPT 1.5 vs Antivirus" viewtopic.php?f=10&t=1134, here are the elements we have integrated to unlock the situation on a Trend Micro Officescan XG.
# Detection 1: The detected malware is Mal_Mlwr-13 https://www.trendmicro.com/vinfo/us/thr ... al_Mlwr-13
Solution: https://success.trendmicro.com/solution/000019446 to be applied to all scans on Scan Exclusion List (Directories) c:\wapt
# Detection 2: Unauthorized file encryption C:\Windows\Temp\is-L7N1A.tmp\waptagent.tmp (triggered by "c:\windows\temp\waptagent.exe")
Solution: http://docs.trendmicro.com/en-us/enterp ... ing-1.aspx on c:\windows\temp\waptagent.exe
# Detection 3: waptconsole.exe
Solution: http://docs.trendmicro.com/all/ent/offi ... -List.html to be applied to all workstations on c:\wapt\waptconsole.exe
Referring to the morning post titled "WAPT 1.5 vs Antivirus" viewtopic.php?f=10&t=1134, here are the elements we have integrated to unlock the situation on a Trend Micro Officescan XG.
# Detection 1: The detected malware is Mal_Mlwr-13 https://www.trendmicro.com/vinfo/us/thr ... al_Mlwr-13
Solution: https://success.trendmicro.com/solution/000019446 to be applied to all scans on Scan Exclusion List (Directories) c:\wapt
# Detection 2: Unauthorized file encryption C:\Windows\Temp\is-L7N1A.tmp\waptagent.tmp (triggered by "c:\windows\temp\waptagent.exe")
Solution: http://docs.trendmicro.com/en-us/enterp ... ing-1.aspx on c:\windows\temp\waptagent.exe
# Detection 3: waptconsole.exe
Solution: http://docs.trendmicro.com/all/ent/offi ... -List.html to be applied to all workstations on c:\wapt\waptconsole.exe
Thank you for the feedback...
Tranquil IT
Found:
Integrated c:\wapt\*.* in scan exceptions and to be applied to all scans according to http://docs.trendmicro.com/en-us/enterp ... wildc.aspx
Integrated c:\wapt\*.* in scan exceptions and to be applied to all scans according to http://docs.trendmicro.com/en-us/enterp ... wildc.aspx
-
benoitpatin
- Messages: 37
- Registration: February 21, 2018 - 5:05 PM
The best solution isn't to make exceptions, but to inform the antivirus software that the file is a false positive. Most software providers offer a page on their website where you can upload a file and indicate that it's safe. Generally, the update includes the file's hash within 24-48 hours, and you'll be trouble-free.
Hello,
Indeed, we are making this declaration for publisher applications with fixed elements.
However, with WAPT, detection seems inconsistent and not necessarily 100% accurate on the same elements. It seems necessary to compile a list of the problems encountered so that the declaration to the antivirus manufacturer is complete, and hopefully some issues will be fixed in the debug version 1.5 of WAPT.
... To be continued
Indeed, we are making this declaration for publisher applications with fixed elements.
However, with WAPT, detection seems inconsistent and not necessarily 100% accurate on the same elements. It seems necessary to compile a list of the problems encountered so that the declaration to the antivirus manufacturer is complete, and hopefully some issues will be fixed in the debug version 1.5 of WAPT.
... To be continued
-
dcardon
- WAPT Expert
- Messages: 1929
- Registration: June 18, 2014 - 09:58
- Location: Saint Sébastien sur Loire
- Contact :
Hello Alesk,
However, there is no reason for it to be created in the c:\wapt directory. It should be created in the temporary directory of the account launching the installation (c:\windows\temp for LOCALSYSTEM or %AppData%Local\Temp\ for others).
Could you possibly have a problem with the path for your %PATH% environment variable?
Sincerely,
Denis
The WAPT code does not generate a *.tmp file itself. This file is created temporarily by Innosetup during program installation.
However, there is no reason for it to be created in the c:\wapt directory. It should be created in the temporary directory of the account launching the installation (c:\windows\temp for LOCALSYSTEM or %AppData%Local\Temp\ for others).
Could you possibly have a problem with the path for your %PATH% environment variable?
Sincerely,
Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
