Snare Server download files – false positives


SUMMARY

Dec 20, 2017

Antivirus (AV) software may occasionally raise alerts on official Snare Central Server release files.

For example, AV may report Trojan-ArcBomb in the "SnareServer-v7.1.4.iso" and "SnareServer-v7.2.0.iso" files.

In this case, the AV is detecting the testing payloads from OpenVAS. What it flags is not a Trojan implant but the detection payloads used by the vulnerability scanner. The OpenVAS software has many components for detecting malicious payloads, and these could result in many false positives if scanned directly by AV.

Intersect Alliance can confirm it is a false positive in this context.