McAfee Labs has received multiple reports of a false positive detection in SAP software. This is impacting SAP telephone connectivity functionality.
Detection name(s) causing the false: Generic.dx!yxk
File Name(s): Spsgui.exe – This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.
Date of First Occurrence: April 28, 2011
DAT Version: 6329
DAT Version Containing the Fix: 6330 – This DAT has now been posted and replication is occurring.
What are the affected products?
- VirusScan Enterprise
NOTE: This issue can affect all McAfee anti-virus products utilizing this DAT, however it will manifest itself only on endpoints such as VirusScan.
This KnowledgeBase article will be updated when additional information is made available.
Solution 1
Solution 2
- EXTRA.DAT is attached to this KnowledgeBase article in the Extra.zip file. This negative extra DAT is used to suppress detection.
- SDAT_EM.exe is attached to this KnowledgeBase article in the SDAT_EM.zip file. This SuperDAT can be deployed directly through McAfee ePolicy Orchestrator (ePO).
- sdatInstaller.msi is attached to this KnowledgeBase article in sdatInstaller.zip. This can be deployed via a Group Policy if you have Active Directory as described below.
Create the Group Policy Object in the Active Directory Users and Computers application:
Before you begin to create the Group Policy Object:
- Create a share on a server and allow Domain Computers at least READ access to the share.
- Copy the MSI installation file to the share.
Follow these steps to create the Group Policy Object in the Active Directory Users and Computers application:
- Right-click on the Organization Unit that you wish to use to define the new GPO and select Properties.
- Click the Group Policy tab, then click New.
- Enter a name for this new GPO.
- Click Properties.
- Select the Security tab.
- Add the Domain Computers group (or edit the existing Authenticated Users group) and assign the READ and APPLY GROUP POLICY rights.
- Click Edit to edit this new Group Policy.
- Expand the Computer ConfigurationSoftware Settings tree on the left side of the screen.
- Right-click the Software Installation tree option and select the menu item New, Package.
- An Open File dialog box should appear.
- Type in the UNC path to the server share where the MSI installer file is located.
- Select the appropriate MSI installer file and click Open.
- Select the Assign radio button and click OK. You have now created and assigned the Package Object.
- Right-click on the Package Object and select Properties.
- Click the Security tab and add Domain Computers to the security permissions. Ensure Domain Computers has the READ rights.
- Click the Advanced tab and select Domain Computers and click Edit. Assign – List Contents, Read All Properties, and Read Permissions checkboxes.
- Close the Group Policy window.
- Close the GPO window. The MSI package has now been defined and is now ready for deployment.
- Force replication to all other Domain Controllers. Reboot a machine contained within the Organization Unit for which you originally defined the GPO.
Workaround
Related Information
File Publisher: | SAP AG |
Copyright: | (C) 1999 – 2002 |
Product: | SAPPhone Server GUI |
Description: | XP Compatible Version |
File Name: | SPSGUI.exe |
Internal Name: | SPSGUI |
File version: | 2.05.0009 |