Sonic wall detecting Trojan

kalverson · 26th May 2016, 10:40

http://software.sonicwall.com/applic...v=v&v_id=11074

We have a customer that has reported that our NSIS created install contains the DownloadAssistant.CPOT Trojan.

I haven't investigated this yet, but I thought I'd post here to see if anyone knows about this one.

Anders · 26th May 2016, 14:05

If this is a false positive then you should just follow standard procedure:

Recommend your customers to stay away from this product.
Report the false positive so they can update their database.

You could try starting @ https://support.software.dell.com/productline/sonicwall but there seem to be so many versions of that product I did not really know which to choose. You might just have to search for "false positive" on their support and/or forum pages.

http://www.sonicwall.com/products/so...ed-anti-virus/ implies that they are using McAfee so that is probably why. McAfee have a long history of false positives related to NSIS and they refuse to do anything to really fix the issue so be prepared to submit a false positive report for every release you make.

For extra bonus points you can contact them publicly:

kalverson · 27th May 2016, 14:07

Thanks for the detailed information Anders. We determined our executable md5 and sha1 hash values matched what was expected on our download site, so it is a false positive. I did go so far as to define a profile with SonicWALL so I could view their forum. Unfortunately, they don't allow you to post when you don't actually own one of their products.

26th May 2016, 10:40	#1
kalverson Senior Member Join Date: May 2007 Location: Maple Grove, Minnesota Posts: 134	Sonic wall detecting Trojan http://software.sonicwall.com/applic...v=v&v_id=11074 We have a customer that has reported that our NSIS created install contains the DownloadAssistant.CPOT Trojan. I haven't investigated this yet, but I thought I'd post here to see if anyone knows about this one.

26th May 2016, 14:05	#2
Anders Moderator Join Date: Jun 2002 Location: ${NSISDIR} Posts: 5,442	If this is a false positive then you should just follow standard procedure: Recommend your customers to stay away from this product. Report the false positive so they can update their database. You could try starting @ https://support.software.dell.com/productline/sonicwall but there seem to be so many versions of that product I did not really know which to choose. You might just have to search for "false positive" on their support and/or forum pages. http://www.sonicwall.com/products/so...ed-anti-virus/ implies that they are using McAfee so that is probably why. McAfee have a long history of false positives related to NSIS and they refuse to do anything to really fix the issue so be prepared to submit a false positive report for every release you make. For extra bonus points you can contact them publicly: https://twitter.com/DellSecurity https://www.facebook.com/DellSecurity IntOp $PostCount $PostCount + 1

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

27th May 2016, 14:07	#3
kalverson Senior Member Join Date: May 2007 Location: Maple Grove, Minnesota Posts: 134	Thanks for the detailed information Anders. We determined our executable md5 and sha1 hash values matched what was expected on our download site, so it is a false positive. I did go so far as to define a profile with SonicWALL so I could view their forum. Unfortunately, they don't allow you to post when you don't actually own one of their products.