False positive - SonicWall flagging PDQ Inventory as MalUAgent.MIP Trojan

When attempting to download PDQ Inventory SonicWall prevents the download with the MalUAgent.MIP Trojan warning.

This is a false positive. SonicWall has documented the following workaround.


How do I resolve a false positive for Gateway Anti-Virus


If you are experiencing a false positive against any of the GAV signatures, you have a couple of options depending on the urgency to complete the communication that is proving problematic.

  1. You can disable the signature in question by searching for the signature string on the Security Services > Gateway Anti-Virus configuration screen and unchecking the "enable" box next to that particular signature.
  2. Using System > Packet Capture gather both a libpcap and html version of the problematic traffic. Submit the packet captures, a TSR and exp file to SonicWALL technical support for review. We will work to redesign the signature or disable the signature globally if proves to be an issue for many of our customers.
Still have a question or want to share what you have learned? Visit our Community to get help and collaborate with others.