Tim.Rice

Pinned topic Role of the GET folder

‏2014-04-18T22:37:23Z |

McAfee alerted on a .eml file in the "C:\Program Files\BigFix Enterprise\BES Client\__BESData\BigFix Labs\__Local\Get" folder.

Can someone explain what the "GET" folder is used for?

We think this is a false positive, but we are not clear on what is supposed to be in the GET folder.

 

  • Asaf

    Re: Role of the GET folder

    ‏2014-04-19T07:37:04Z  

    Hi,

    I got the same problem. The infected file was detected as Linux/Exploit-SSL.

    I think this is a false positive.

    Can someone confirm this?

     

  • AlanM

    Re: Role of the GET folder

    ‏2014-04-22T17:55:18Z  

    The __Local/Get folder in a site is used when the client performs a gather. The Server representation of the site is extracted here and the client will perform checks against this site to bring in the specific files it needs that may have changed. This allows the process to be interrupted without causing an issue with the site being in a compromised state.

  • MichaelBell

    Re: Role of the GET folder

    ‏2014-04-25T15:30:09Z  
    • Asaf
    • ‏2014-04-19T07:37:04Z

    Hi,

    I got the same problem. The infected file was detected as Linux/Exploit-SSL.

    I think this is a false positive.

    Can someone confirm this?

     

    Tim & Asaf,

    BigFix Labs now includes a scanner for CVE-2014-0160 (Heartbleed) and although the scanner itself is NOT distributed via the site, it is referenced in the fixlets as well as general commentary about it. We believe McAfee is picking up on the content and incorrectly flagging them most likely based upon the commentary in the description, not any real threat. There is NO malware being propagated via the site content.

    To confirm, the scanner binary is found at http://support.bigfix.com/labs/downloads/CVE-2014-0160.bfz and McAfee's own scanner shows this file to be free from malware as seen here: http://www.siteadvisor.com/sites/http%3A//support.bigfix.com/labs/downloads/CVE-2014-0160.bfz

    Unfortunately, there is nothing we can do about the false positive other than assure you that we have tested our content. Please contact your McAfee representation and request assistance in having the false positive corrected in your environment.

  • jgstew

    Re: Role of the GET folder

    ‏2014-05-02T01:38:22Z  
    • AlanM
    • ‏2014-04-22T17:55:18Z

    The __Local/Get folder in a site is used when the client performs a gather. The Server representation of the site is extracted here and the client will perform checks against this site to bring in the specific files it needs that may have changed. This allows the process to be interrupted without causing an issue with the site being in a compromised state.

    Thank you for the detailed explanation.