Open-AudIT

What's on your network?
It is currently Mon Apr 23, 2018 11:56 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 18 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: Wed Nov 21, 2007 5:36 am 
Offline
Newbie

Joined: Thu Nov 01, 2007 8:21 am
Posts: 27
hi,
it's just for say that :
kaspersky 6 server + workstation detect audit.vbs like a virus trojan.gen dowloader in my domain.


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 2:20 am 
Offline
Newbie

Joined: Wed Oct 31, 2007 12:40 am
Posts: 7
Yes I also have this problem at work, and it is annoying because it was only recently that installed Kaspersky on all machines.

And so far I haven't found a 100% work around. I've found if you add *audit.vbs* to the allowed list AND uncheck Microsoft script checking in Web-Anti-Virus you can then run audit.vbs. But then whenever kaspersky does regular scans it still finds the VBS and complains.

Anyone else have to deal with this and have a better solution?


Top
 Profile  
Reply with quote  
PostPosted: Sat Nov 24, 2007 2:26 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Other than NOD32 ? http://www.eset.com/

Is it the name (audit.vbs) or the simple fact that it is a VBS file?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Sun Nov 25, 2007 3:37 am 
Offline
Newbie

Joined: Thu Nov 01, 2007 8:21 am
Posts: 27
In my opinion ,
it's the use of a specific function in the script.

for example :
kaspersky detect virus gen trojan in simple ".bat" files containt format c:\ command line,


Top
 Profile  
Reply with quote  
PostPosted: Mon Nov 26, 2007 10:58 pm 
Offline
Newbie

Joined: Wed Oct 31, 2007 12:40 am
Posts: 7
A_Hull wrote:
Other than NOD32 ? http://www.eset.com/

Is it the name (audit.vbs) or the simple fact that it is a VBS file?
Yeah I personally think NOD32 is one of the best out there, but wasn't my decision to go with Kaspersky.

It has nothing to do with the name but with some of the code in it. I don't realistically expect that there will be a way to change the VBS script so kaspersky doesn't complain, but just to get Kaspersky to be quiet and not try to delete the file would be nice.


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 27, 2007 1:34 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Do the log files give any clues? Is it detecting it as a particular virus, or just warning generally that it doesn't like the look of it?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 27, 2007 1:57 am 
Offline
Newbie

Joined: Wed Oct 31, 2007 12:40 am
Posts: 7
It always detects virus gen trojan for me. And by default if you enter a directory with audit.vbs in it you can't copy the file or anything.

The only options are to delete, quarantine, or temp skip a file which really does nothing. Because users are working with laptops outside of the network I was hoping to have audit.vbs run at a specific time but I need to work around this Kaspersky issue first.


Top
 Profile  
Reply with quote  
PostPosted: Tue Nov 27, 2007 7:45 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I take it that simply renaming audit.vbs as openaudit.vbs or fred.vbs is not enough to have it stop complaining :?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 21, 2007 2:32 am 
Offline
Newbie

Joined: Wed Oct 31, 2007 12:40 am
Posts: 7
Sorry for the late reply but yeah no matter what I tried to allow in Kaspersky or what features I removed nothing worked.

Today I emailed Kasperksy and apparently this issue is now fixed. Hoping maybe tomorrow morning after an update everything will run smoothly. I plan to have remote users run the script, and they all have Kaspersky installed.


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 21, 2007 8:22 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Good to see Kaspersky following up on your problem, let us know how things go. :D

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Sun Mar 16, 2008 8:32 pm 
Offline
Newbie

Joined: Sun Mar 16, 2008 6:52 am
Posts: 1
Hi,

There is about four monts aftery Your post and I have the same problem with Kaspersky AV.
How about yours ?


Top
 Profile  
Reply with quote  
PostPosted: Mon Mar 24, 2008 10:42 am 
Offline
Newbie

Joined: Mon Mar 24, 2008 10:08 am
Posts: 3
Hi

Same for me, but we use F-SECURE (workstation and server).

Malicious code found in file audit.vbs.
Infection: Trojan-Downloader.JS.gen
Action: The file was quarantined.


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 24, 2008 4:24 am 
Offline
Newbie

Joined: Sun Mar 05, 2006 8:45 am
Posts: 14
Has anyone figured out how to keep AV software from flagging and/or deleting audit.vbs? Perhaps it's time to make the audit script an executable?


Top
 Profile  
Reply with quote  
PostPosted: Thu Jul 24, 2008 6:12 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
There must be a similarity between Trojan-Downloader.JS.gen and audit.vbs can we find out a bit more from F-Secure and Kasperski, they should be able to help.

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Top
 Profile  
Reply with quote  
PostPosted: Fri Jul 25, 2008 11:07 pm 
Offline
Newbie

Joined: Fri Jul 25, 2008 11:01 pm
Posts: 1
Is there a solutions for this? As I have the same problem with Kaspersky 6.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 18 posts ]  Go to page 1, 2  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group