GVC 4.10.5.1021 - Identified as trojan / malware
asiddiqui
Newbie ✭
in VPN Client
I just downloaded version 4.10.5.1021 after logging in to mysonicwall.com and my A/V blocked the software. After checking the hash on virustotal.com, there are at least 13/71 engines identifying it as trojan/malicious. Can someone take a look at it and determine what's the cause of this, and should we worry about a supply chain issue here?
File Name: 184-009933-00_GVCSetup32.exe
File Hash: 16c9b383a567b33f3ad3aa9be8832246191d9b7ac04f68c8d2f9589943f26131
VirusTotal Link: https://www.virustotal.com/gui/file/16c9b383a567b33f3ad3aa9be8832246191d9b7ac04f68c8d2f9589943f26131/detection
Category: VPN Client
Answers
Hello @asiddiqui,
I have forwarded this information to the concerned team. I will update you as soon as I hear back from them.
Thanks for bringing this to our notice.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
I got the exact same issue with the 64-bit installer.
File: 184-009934-00_GVCSetup64.exe
Hash: F6747BB079B0101650154F55903EBBFC444B01083CF01AA27C81818411F12799
VirusTotal: https://www.virustotal.com/gui/file/f6747bb079b0101650154f55903ebbfc444b01083cf01aa27c81818411f12799/detection
Same here, it also breaks Path variables if installed.
Global VPN Client (64-bit) 4.10.5.1021
It can also be detected by GAV as a virus!
Gateway Anti-Virus Alert: JSAgent.U_383 (Trojan) blocked.
Same here and for the 32-bit version too. They do not appear to be digitally signed.
No response from SonicWall yet on whether this version being flagged as malware is actually safe or not. Instead of answering that at all, support gave us a pre-release version 5 that is coming back clean on VirusTotal, but is also buggy with versions of Win 10 lower than 2004. We also don't know if version 5 fixes the vulnerabilities listed in their threat advisory.
Hello,
This is the update that I received from the backend team.
Our GVC installer is created as a RarSFX, which is a form known to be used by malware, hence some AV engines (likely via some ML or heuristic logic) are erroneously detecting it as malware. But again, our GVC installer (16c9b383a567b33f3ad3aa9be8832246191d9b7ac04f68c8d2f9589943f26131) is a clean file.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Are you saying a RarSFX file does not need to be digitally signed? Download and check the properties of a previous version like the GVCSetup64_4.10.4.0314.exe file and compare it to GVCSetup64_4.10.5.1021.exe. The former is signed and the latter is not. If 0314 and 1021 were both created with RarSFX and the 0314 version downloads fine, the issue with 1021 may be the signature.
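The two checks raised in this thread (comparing an installer's SHA-256 with a published value, and telling a signed installer from an unsigned one) can be done offline; the following is an added example, not part of the original thread and not SonicWall code. All function names are hypothetical and the sample PE images are constructed skeletons, not real installers.

```python
import hashlib
import struct

SECURITY_DIR = 4           # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA

def sha256_matches(data: bytes, published_hex: str) -> bool:
    """Compare a file's SHA-256 with a published digest, ignoring case and whitespace."""
    return hashlib.sha256(data).hexdigest() == published_hex.strip().lower()

def embedded_signature(data: bytes):
    """Return (file_offset, size) of the embedded signature blob, or None if unsigned."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe + 24                                  # skip PE signature (4) + COFF header (20)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):                # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # start of the data directory array
    if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
        return None
    # Unlike other directories, this entry holds a raw file offset, not an RVA.
    offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size < 8 or offset + size > len(data):
        return None
    length, _revision, cert_type = struct.unpack_from("<IHH", data, offset)
    if cert_type != PKCS_SIGNED_DATA or length > size:
        return None
    return offset, size

def build_sample_pe(signed: bool, pe32plus: bool = True) -> bytes:
    """Constructed, non-executable PE skeleton used only to exercise the parser."""
    magic, dirs_off = (0x20B, 112) if pe32plus else (0x10B, 96)
    image = bytearray(0x40 + 24 + dirs_off + 16 * 8)
    image[:2] = b"MZ"
    struct.pack_into("<I", image, 0x3C, 0x40)      # e_lfanew
    image[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", image, 0x58, magic)
    struct.pack_into("<I", image, 0x58 + dirs_off - 4, 16)  # NumberOfRvaAndSizes
    if signed:
        blob = struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + bytes(8)  # placeholder, not real PKCS#7
        struct.pack_into("<II", image, 0x58 + dirs_off + 8 * SECURITY_DIR, len(image), len(blob))
        image += blob
    return bytes(image)

if __name__ == "__main__":
    for signed in (False, True):
        print("signed sample:", signed, "->", embedded_signature(build_sample_pe(signed)))
```

A non-None result only shows that a signature blob is present in the file; validating the signer and certificate chain is done on Windows with `Get-AuthenticodeSignature` or `signtool verify /pa`.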
Hi All,
This reported issue "GVC 4.10.5.1021 - Identified as trojan / malware" has been fixed. Could you please attempt to download the GVC client version 4.10.5 from mysonicwall again?
Following are the latest VirusTotal results for the 64-bit and 32-bit GVC:
https://www.virustotal.com/gui/file/59a6084cd6423cc36d010e10f7d2a155f1ed8e284cd41b2a89f1cfdc610fe565/detection
The installer shows the verified publisher as Sonicwall Inc.
Please let us know.
Thank you.
At this time, VirusTotal shows 2-3 engines flagging it as potential malware between 32 and 64-bit versions.
@GeorgeTheFat,
I would request you to kindly reach out to our Support team so that this can be addressed in a better manner. Please use the following link. Unfortunately, I haven't been able to get more info on this specific issue.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services