Zeus IDE

Use this forum to ask for help, submit a bug report or make a suggestion.
http://www.zeusedit.com/zBB3/

AgentSVN blocked by McAfee when loaded int Visual Studio

http://www.zeusedit.com/zBB3/viewtopic.php?t=7692

Page 1 of 1

AgentSVN blocked by McAfee when loaded int Visual Studio

Posted: Wed Oct 11, 2017 2:59 pm
by jwolbeck2
Latest version of AgentSvn.dll hash:
MD5 - 7509646c34b2eebf18b735b99b2b623f
SHA-1 - c46668fa5861a0278d450cc05d4f8d4fd44059a3

Below are the McAfee block messages with the latest V2.62 dll. VirusTotal also comes back with 4 hits as well. McAfee only detects when launching Visual Studio. (I also verified that my Visual Studio hash matches what it should be)

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the GetProcAddress API.

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the CreateFileA API.

ExP:Invalid Call Blocked an attempt to exploit C:\PROGRAM FILES (X86)\MICROSOFT VISUAL STUDIO 10.0\COMMON7\IDE\DEVENV.EXE called from module AGENTSVN.DLL, which targeted the LdrGetProcedureAddress API.

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Posted: Thu Oct 12, 2017 2:50 am
by jussij
Thanks for the feedback.

Unfortunately, since I'm sure this is just a McAfee false alarm, there is very little that can be done at this end :(

FWIW this is the virus report for the AgentSVN.dll file as given by: http://virustotal.com
total_virus.png
total_virus.png (163.87 KiB) Viewed 48966 times
That report says 57 out of the 60 virus tools had no trouble with file and strangely enough it also says at least one version of McAfee was happy with the file :)

Here is a report given by: http://www.garyshood.com
garys_virus.png
garys_virus.png (58.94 KiB) Viewed 48966 times
Interestingly enough the error in this reports looks like some sort of error with their web site.

Cheers Jussi

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Posted: Thu Oct 12, 2017 1:37 pm
by jwolbeck2
Agreed it is very weird since McAfee does not detect it when scanned but only when its loaded into Visual Studio (But not PB). One more piece to the puzzle is that McAfee is claiming it is doing a "Host intrusion buffer overflow" which could possible be caused by a bug? I attached a screenshot to show what McAfee is saying if it as any value.

Re: AgentSVN blocked by McAfee when loaded int Visual Studio

Posted: Thu Oct 12, 2017 10:01 pm
by jussij
"Host intrusion buffer overflow" which could possible be caused by a bug?
That could be some indication of a bug in Agent SVN :?

Many functions of the MS-SCCI pass information in C like buffers and one of these might be getting overflown.

Which version of Visual Studio are you using :?:

What I would suggest is this:

1. Start the Agent SVN configuration from the desktop

2. Turn on the debugging option

3. Trim the log file

4. Run Visual Studio

5. Open the log file and see if Agent SVN wrote anything to the file.

That might show which MS-SCCI function was called.

Cheers Jussi
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited