You may recall that McAfee started listing CPAU as an virus last year, now Trend Micro has jumped on board as well. I just received an email today that V01.11.00 was identified as TROJ_GENERIC.ZA starting with pattern 4.309.00 which the user received today.
I have emailed Trend to see if they intend this or it is accidental.
We just got caught too by a widespread false positive with Trend Micro and CPAU.
WORK AROUND:
I made a work around by “packing” the CPAU.EXE file with my favorite (free) EXE packer. Works like a charm.
Just thought I’d pass this along.
This is the 3rd file I’ve had to pack to sneak around Trend’s FALSE Postives. Better a False positive than an actual virus/trojan outbreak on 500 machines.
-Mike
FWIW, I assumed that packing it with a common packer would make no difference, because that is exactly what the bad guys do with their malware, therefore TrendMicro et al would certainly decode it and trigger on cpau.exe again anyway.
I do have some news, first the bad news: It’s been a full working day without feedback from TrendMicro support.
The good news: My vendor, Bell Security Solutions, has been most helpful, and they have talked to second level support at TrendMicro, who has since reclassified CPAU.exe as non-malicious and we can expect that the next CPR (Controlled Pattern Release) will not detect CPAU.exe … if you have access to that support level, they also have a “bandage release” available with a pattern that does not include CPAU.exe right now whose contents contain the version: lpt$vpn.318
I’ve confirmed that this release does not detect CPAU.exe and also does not detect it when it’s in a zip file (I like the belt AND suspenders approach).
Could it be that the newest virus definitions from TrendMicro with pattern Lpt$vpn.583 consider CPAU.exe V01.11.00 to be a virus again? At least here it has with a virus name of TROJ_Generic…
We are also receiving virus warnings as of yesterday. I had told TM not to look in the directory CPAU is stored, but apparently it’s being too nosy for its own good.