AgentSVN blocked by McAfee when loaded int Visual Studio

If reporting a bug with the Agent Git or Agent SVN plug-ins please post the details here. Please do not post questions here.
Post Reply
jwolbeck2
Posts: 2
Joined: Wed Oct 11, 2017 2:39 pm

AgentSVN blocked by McAfee when loaded int Visual Studio

Post by jwolbeck2 »

Latest version of AgentSvn.dll hash:
MD5 - 7509646c34b2eebf18b735b99b2b623f
SHA-1 - c46668fa5861a0278d450cc05d4f8d4fd44059a3

Below are the McAfee block messages with the latest V2.62 dll. VirusTotal also comes back with 4 hits as well. McAfee only detects when launching Visual Studio. (I also verified that my Visual Studio hash matches what it should be)

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the GetProcAddress API.

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the CreateFileA API.

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the LdrGetProcedureAddress API.
Top
jussij
Site Admin
Posts: 2650
Joined: Fri Aug 13, 2004 5:10 pm

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Post by jussij »

Thanks for the feedback.

Unfortunately, since I'm sure this is just a McAfee false alarm, there is very little that can be done at this end :(

FWIW this is the virus report for the AgentSVN.dll file as given by: http://virustotal.com
total_virus.png
total_virus.png (163.87 KiB) Viewed 48875 times
That report says 57 out of the 60 virus tools had no trouble with file and strangely enough it also says at least one version of McAfee was happy with the file :)

Here is a report given by: http://www.garyshood.com
garys_virus.png
garys_virus.png (58.94 KiB) Viewed 48875 times
Interestingly enough the error in this reports looks like some sort of error with their web site.

Cheers Jussi
Top
jwolbeck2
Posts: 2
Joined: Wed Oct 11, 2017 2:39 pm

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Post by jwolbeck2 »

Agreed it is very weird since McAfee does not detect it when scanned but only when its loaded into Visual Studio (But not PB). One more piece to the puzzle is that McAfee is claiming it is doing a "Host intrusion buffer overflow" which could possible be caused by a bug? I attached a screenshot to show what McAfee is saying if it as any value.
Attachments
Capture.PNG
Capture.PNG (59.76 KiB) Viewed 48868 times
Top
jussij
Site Admin
Posts: 2650
Joined: Fri Aug 13, 2004 5:10 pm

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Post by jussij »

"Host intrusion buffer overflow" which could possible be caused by a bug?
That could be some indication of a bug in Agent SVN :?

Many functions of the MS-SCCI pass information in C like buffers and one of these might be getting overflown.

Which version of Visual Studio are you using :?:

What I would suggest is this:

1. Start the Agent SVN configuration from the desktop

2. Turn on the debugging option

3. Trim the log file

4. Run Visual Studio

5. Open the log file and see if Agent SVN wrote anything to the file.

That might show which MS-SCCI function was called.

Cheers Jussi
Top
Post Reply

Return to “Reporting a Bug”