Agent Flagged by Virustotal.com

Hello,

I’m looking to install for testing and found that the check_mk_agent.msi created by the install is marked as malware by VirusTotal.

I have seen previous topics indicating a false positive.
Interestingly, a previous download from 2021 did NOT show as having malware in VirusTotal.

Below is the current message when testing the file against the VT DB.

Thank you,

Hi,
Further information…
Running CheckMK in Linux Docker Container on Windows.
Version Checkmk Raw Edition 2.2.0p11

The docker container pull of latest version creates a packaged agent for windows, “check_mk_agent.msi”.
When scanned by Sophos Central as well as VirusTotal, it shows Malware and Sandbox alerts for this file.

Has anyone come across this?

Thank you,

Hi Triag3,
The first report indicates that 2 out of 62 antivirus scanners have flagged this file. This is usually an indication of a false positive. Just re-run the test in 1-2 days. For real malware, the number of AV scanners from major vendors that will flag the file at that time will be much higher.
If you look at the results in detail, you will see that the first scanner uses a generic identifier that includes “ml”. This is usually an indication that the machine learning part of the scanner has flagged the file.

Your second post does not show which AV scanners marked the file as bad.

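The triage reasoning from the reply above (few engines flagging, a generic "ml" label, re-scan after 1-2 days) written as a small Python check; this is an added example, not part of the original thread. The engine names, labels, the 5% threshold and the heuristic-label pattern are assumptions constructed for illustration.

```python
import re

# Label fragments that usually mark a heuristic or machine-learning verdict
# rather than a named malware family. Assumed list, not taken from any vendor.
HEURISTIC = re.compile(r"(?<![a-z])(ml|ai|heur|generic|gen)(?![a-z])", re.I)

def summarize(results):
    """results maps engine name -> detection label, or None if clean."""
    flagged = {eng: lab for eng, lab in results.items() if lab}
    heuristic = sorted(e for e, lab in flagged.items() if HEURISTIC.search(lab))
    return len(flagged), len(results), heuristic

def triage(first, rescan=None, max_ratio=0.05):
    """Return (verdict, detail) for one scan, or for a scan plus a later re-scan."""
    hits, total, heuristic = summarize(first)
    if rescan is not None:
        later_hits, later_total, later_heur = summarize(rescan)
        if later_hits > hits:
            # More vendors flag the file over time: treat as real until disproved.
            return "escalate", f"{hits}/{total} -> {later_hits}/{later_total}"
        hits, total, heuristic = later_hits, later_total, later_heur
    detail = f"{hits}/{total} flagged, heuristic labels from: {heuristic}"
    if hits == 0:
        return "clean", detail
    if hits / total <= max_ratio:
        return "likely-false-positive", detail
    return "manual-review", detail

# Constructed sample: 62 engines, 2 flag the file (names and labels invented).
SCAN_DAY0 = {f"engine-{i:02d}": None for i in range(60)}
SCAN_DAY0.update({"engine-ml": "Malicious.ML.score",
                  "engine-x": "Trojan.Agent.example"})
# Constructed re-scan two days later: the ML-based detection was withdrawn.
SCAN_DAY2 = dict(SCAN_DAY0, **{"engine-ml": None})

if __name__ == "__main__":
    print(triage(SCAN_DAY0))
    print(triage(SCAN_DAY0, SCAN_DAY2))
```

A growing detection count on the re-scan is the signal to stop treating the file as a false positive, whatever the first ratio was.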

Hi Tom201023,

Thanks for the info.

The AV scanners from the second post that marked the file as bad are Trapmine & VBA32:

Hi Triag3,
I am not an expert on all the AV products, but I have never heard of Trapmine. If you look on the website, the company apparently will shut down: https://trapmine.com and "Celebrating the 15th portfolio exit - Trapmine - Startup Wise Guys".

I tried to find more about VBA32, which apparently is a company from Belarus. Here is their webpage, "Buy and download VBA32 antivirus in Minsk and Belarus | VirusBlokAda company".


Hi Tom201023,

Thank you for the follow up info.
