False positive - SonicWall flagging PDQ Inventory as Malware or Trojan

When attempting to scan devices with PDQ Inventory, SonicWall prevents the scan with a Trojan warning, which is a false positive.

Troubleshooting

Attempting to scan devices will result in any of the following outcomes:

  • The scan times out.
  • No scan results are returned to PDQ Inventory.
  • Scans fail with the "Failed to copy file to target" error.
  • Scans fail with the "ReturnCode cannot be null" error.

The Service.log file from the scan (\\target-pc\ADMIN$\AdminArsenal\PDQInventory-Scanner\Service.Log) shows no indication that the PDQInventoryScanner.exe process was created.

Resolution

Add exclusions to the SonicWall Cloud Gateway Anti-Virus. The Cloud AV Signature IDs listed below are those we have identified from past encounters with this behavior. However, the specific Cloud AV Signature ID that needs to be excluded will depend on the version of PDQ Inventory in use.

Known Cloud AV Signature IDs:

  • 79714297
  • 84529750

The linked external documentation from SonicWall explains how these exclusions can be implemented.

Features and Enabling of Cloud Gateway Anti-Virus | SonicWall
How can I add a file to Cloud AV DB Exclusion list based on its cloud-signature? | SonicWall

 
