World Community Grid Forums
Category: Completed Research Forum: OpenZika Thread: McAfee detecting checkpoints as 'trout' and deleting them
Thread Status: Active Total posts in this thread: 4
marist_college
Advanced Cruncher USA Joined: Mar 30, 2005 Post Count: 107 Status: Offline
We use VirusScan Enterprise. Have seen a few reports of checkpoints being detected as "Trout" malware by McAfee and then being deleted. I believe these are Zika WUs, but I could be wrong. We're currently crunching SCC, Zika, HSTB, and FAAH2.
It looks like we've had 5 detections/deletions so far from 4 unique machines.
C:\ProgramData\BOINC\slots\1\vina_checkpoint\output_type_other_18.bin
C:\ProgramData\BOINC\slots\1\wcg_checkpoint_0c.ckp
C:\ProgramData\BOINC\slots\1\vina_checkpoint\output_type_other_3.bin
C:\ProgramData\BOINC\slots\10\vina_checkpoint\output_type_other_5.bin
C:\ProgramData\BOINC\slots\2\vina_checkpoint\output_type_other_4.bin
Is anyone else seeing this (even from other AV products)? Anything we can do to stop it?
Former Member
Cruncher Joined: May 22, 2018 Post Count: 0 Status: Offline
Considering the sandboxing of the BOINC datadir area, more strongly when BOINC is installed as a service, a long-standing recommendation has been to exclude C:\ProgramData\BOINC\* from scanning [higher write frequencies do help to get false positives as well]
Vina does narrow it down to about 4 sciences, not HST1 or FAH2/FAHB, but you can find in BOINC manager which job is associated with a slots/# by selecting each running task and hitting the properties button at left.
[Edit 1 times, last edit by Former Member at Mar 27, 2017 5:01:28 PM]
marist_college
Advanced Cruncher USA Joined: Mar 30, 2005 Post Count: 107 Status: Offline
Thanks, Rob. I've only seen one of the machines so far, which was several hours after the McAfee alert (the others I was able to see reported to our central AV server after I knew about it). I tried correlating the logs to figure out which WU was running at the time, as I don't think it was the same WU by the time I was able to look at it. I'd prefer not to whitelist the BOINC data dir, but can if that's the only solution.
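An added example, not part of the thread and not BOINC or World Community Grid code: one way to script the slot-to-task lookup described in the replies above, so an AV alert can be tied to a work unit from a state snapshot taken at detection time. It assumes the client's client_state.xml lists each running task as an `<active_task>` element with `<slot>` and `<result_name>` children; the XML sample and task names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Detected paths as listed in the first post of the thread.
DETECTIONS = [
    r"C:\ProgramData\BOINC\slots\1\vina_checkpoint\output_type_other_18.bin",
    r"C:\ProgramData\BOINC\slots\1\wcg_checkpoint_0c.ckp",
    r"C:\ProgramData\BOINC\slots\1\vina_checkpoint\output_type_other_3.bin",
    r"C:\ProgramData\BOINC\slots\10\vina_checkpoint\output_type_other_5.bin",
    r"C:\ProgramData\BOINC\slots\2\vina_checkpoint\output_type_other_4.bin",
]

# Constructed snapshot (assumed layout; task names are placeholders).
SAMPLE_STATE = """<client_state><active_task_set>
  <active_task><result_name>CONSTRUCTED_WU_A_0</result_name><slot>1</slot></active_task>
  <active_task><result_name>CONSTRUCTED_WU_B_1</result_name><slot>2</slot></active_task>
</active_task_set></client_state>"""

SLOT_RE = re.compile(r"\\BOINC\\slots\\(\d+)\\", re.IGNORECASE)
UNKNOWN = "unknown (no active task in this slot in the snapshot)"


def slot_of(path):
    """Return the BOINC slot number embedded in a detection path, or None."""
    m = SLOT_RE.search(path)
    return int(m.group(1)) if m else None


def slot_to_task(state_xml):
    """Map slot number -> result name from a client_state.xml snapshot."""
    root = ET.fromstring(state_xml)
    return {
        int(t.findtext("slot")): t.findtext("result_name")
        for t in root.iter("active_task")
        if t.findtext("slot") is not None
    }


def correlate(paths, state_xml):
    """Return (slot, task name, detected file name) for each detection."""
    tasks = slot_to_task(state_xml)
    rows = []
    for p in paths:
        slot = slot_of(p)
        # A missing slot means the snapshot is stale or the task already ended.
        rows.append((slot, tasks.get(slot, UNKNOWN), p.rsplit("\\", 1)[-1]))
    return rows


if __name__ == "__main__":
    for row in correlate(DETECTIONS, SAMPLE_STATE):
        print(row)
```

Slots are reused as tasks finish, so the snapshot has to be captured close to the alert time for the mapping to be meaningful.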
KLiK
Master Cruncher Croatia Joined: Nov 13, 2006 Post Count: 3108 Status: Offline
> Considering the sandboxing of the BOINC datadir area, more strongly when BOINC is installed as a service, a long-standing recommendation has been to exclude C:\ProgramData\BOINC\* from scanning [higher write frequencies do help to get false positives as well]
> Vina does narrow it down to about 4 sciences, not HST1 or FAH2/FAHB, but you can find in BOINC manager which job is associated with a slots/# by selecting each running task and hitting the properties button at left.
+1
Antivirus are usually stupid programs, sometimes doing more harm than good!