2 Replies Latest reply on Jun 8, 2018 10:05 AM by ssingley

    IEProxy.DLL being flagged as a virus every time I'm patching DMZ machines

    Joseph.Giovinco Rookie

      Good morning all.  I was hoping to save myself a support call. 

       

      I have an issue that is constantly a problem every time we patch DMZ machines.  We have a PAN, and every time there is an execution of patches being deployed, the PAN is showing the source (DMZ machine) and the destination (Ivanti console), and is saying this below:

       

      Virus/Win32.WGeneric.rervj(2107546)reset-both

       

      misc: IEProxy.dll

       

      My only comment to this is, I am wondering if the DLL is being used to talk back to the Ivanti Console for listener feedback on patch status.  Can someone confirm this for me?  Or explain in detail as to how IEProxy.dll is being used during patching?

       

       

       

       

        • 1. Re: IEProxy.DLL being flagged as a virus every time I'm patching DMZ machines
          treed SupportEmployee

          Hi Joe,

           

          This is a recurring issue with Palo Alto network devices. IPW software status communication from the target machine simply transfers information across your network through Port TCP 3121 back to the console. This process is a simple transfer of files and does not interact with your proxy. Our software does use existing OS components to run processes, and while we don't utilize it ourselves, our strongest estimation is that one of these processes takes advantage of the system32 IEProxy.dll. To support this information further, if you run a web search for the Virus/Win32.WGeneric.rervj(2107546)reset-both code, you'll find a lot of false positive posts for Palo Alto devices specifically. Regrettably, we would not have a solution for Palo Alto components that trigger this error. I do apologize for the inconvenience, but we would ask you to reach out to Palo Alto for further troubleshooting and obtaining an exclusion list for their components. I do hope you find this information helpful.

          • 2. Re: IEProxy.DLL being flagged as a virus every time I'm patching DMZ machines
            ssingley Rookie

            We are also experiencing the same threat alerts for ieproxy.dll during patch scans on DMZ servers. We have attempted to find the ieproxy.dll file on our servers but have not found one that has the same hash value.

             

            We are also experiencing a similar issue with a file called "services.exe" that our Palo Alto is showing as a threat.

             

            Any specific information on how Shavlik utilizes these Windows components or why they could be a threat would be beneficial. We are also reaching out to Palo Alto for further analysis and help tracking down the files on our systems.
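
Added example, not part of the thread and not Ivanti or Palo Alto code: one way to inventory every copy of ieproxy.dll on a DMZ server, with its SHA-256 and signature status, and compare each against the hash from the firewall's threat log. The hash value, the search roots and the output file name are assumptions to adjust for your environment.

```powershell
# Placeholder: paste the SHA-256 shown in the firewall threat log entry here.
$FlaggedSha256 = '<SHA256-FROM-PAN-THREAT-LOG>'

# Assumed search roots: places where Windows commonly keeps copies of the DLL,
# including side-by-side copies in the component store (WinSxS).
$Roots = @(
    "$env:SystemRoot\System32",
    "$env:SystemRoot\SysWOW64",
    "$env:SystemRoot\WinSxS",
    "$env:ProgramFiles\Internet Explorer",
    "${env:ProgramFiles(x86)}\Internet Explorer"
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$Results = foreach ($Root in $Roots) {
    Get-ChildItem -LiteralPath $Root -Filter 'ieproxy.dll' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $Sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Computer    = $env:COMPUTERNAME
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                SHA256      = $Hash
                # Catalog-signed OS files may show NotSigned on older PowerShell versions.
                SigStatus   = $Sig.Status
                Signer      = $Sig.SignerCertificate.Subject
                # -eq is case-insensitive, so hex case in the log does not matter.
                MatchesLog  = ($Hash -eq $FlaggedSha256)
            }
        }
}

# Show the inventory and save it so results from several servers can be compared.
$Results | Sort-Object SHA256, Path | Format-Table Path, FileVersion, SigStatus, MatchesLog -AutoSize -Wrap
$Results | Export-Csv -Path ".\ieproxy-inventory-$env:COMPUTERNAME.csv" -NoTypeInformation

if (-not ($Results | Where-Object MatchesLog)) {
    Write-Warning "No on-disk copy of ieproxy.dll matches the hash from the threat log."
}
```

Run it from an elevated prompt so the component store is readable. The CSV from each server, together with the threat log entry, gives the firewall vendor concrete file versions and hashes to work from.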