1. Pierre Couvreur
  2. PowerBuilder
  3. Wednesday, 10 November 2021 08:04 AM UTC

Hi,

Since PB2021, even the simplest application consisting of an empty window, makes McAfee react. The application is flagged as "Trojan horse" and the exe is deleted.

The same application built with PB2019R2 doesn't make McAfee react.

What is the explanation ?

It's possible to overcome the problem by signing the exe and configuring McAfee to consider all the exe signed as safe. But if it is the only way to solve the problem, it would be nice to have a "signing" tab in the application project (as we have one in powerserver project as well as powerclient project).

Could Appeon ask McAfee (and others) to treat Appeon applications as safe (except if they contain real malicious code) ?

Many thanks for all.

Pierre

 

Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 10 November 2021 15:54 PM UTC
  2. PowerBuilder
  3. # 1

Hi Pierre,

You can always sign the .EXE of your app even if you don't use PowerClient or PowerServer option.  The only difference is you do this outside of PB IDE after your app is compiled.

I would recommend you report the false positive to McAfee so they can improve their scanning algorithms. https://kc.mcafee.com/corporate/index?page=content&id=KB85567

Best regards,
Armeen

Comment
There are no comments made yet.
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 10 November 2021 15:55 PM UTC
  2. PowerBuilder
  3. # 2

Hi Pierre;

  Our Appeon QA team that tests each PB release also tests the IDE with the major AV software vendors - McAfee being one of them. If any such quarantine issue is found, Appeon would then inform the AV vendor to add PB version X to its exclusions. Please check to make sure that you are running the latest McAfee AV software and AV definitions. AFAIK, McAfee should work OK with PB2021.

  It also might be a Windows "Policy" issue that might need tweaking by your O/S support team. In the worst case (if they do not want to do that), you might have to digitally sign your App EXE's.

FYI: https://community.appeon.com/index.php/qna/q-a/automatically-sign-a-pb-application

Regards ... Chris

Comment
There are no comments made yet.
Pierre Couvreur Accepted Answer Pending Moderation
  1. Wednesday, 10 November 2021 16:11 PM UTC
  2. PowerBuilder
  3. # 3

Hi Armeen and Chris,

Signing my app outside of the IDE is exactly what I'm currently doing. But I wondered why it was necessary with PB2021 while it has never been necessary before. Also, it might be nice to have the possibility to sign it from inside PB IDE (like with PowerClient and PowerServer).

Thank you for your suggestions and support !

Pierre

 

 

Comment
  1. Armeen Mazda @Appeon
  2. Wednesday, 10 November 2021 17:33 PM UTC
I can’t tell you why exactly because McAfee not our product. But as Chris mentioned we test against McAfee, so your issue is specific to you code and/or environment. Anyway, as I mentioned you should report this to McAfee.
  1. Helpful
  1. Pierre Couvreur
  2. Thursday, 11 November 2021 11:24 AM UTC
Thank you Armeen. In my opinion the issue is not specific to my code because a test application that does nothing except opening an empty windows still makes McAfee consider it as Trojan horse. Maybe you're right and it is specific to my environment, anyway I will report it to McAfee and see.



Thanks for all.

Pierre

  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.