PDFCreator & Opencandy

Hello,

I just pushed out PDFCreator and am seeing my virus scanner alerting me of Adware Opencandy. Is PDFCreator being bundled with Adware again? I am pushing out PDFCreator 2.0.2, my virus scanner is Vipre 7.0.3.12 and the agent version is 38274.

 

Thanks

Don





Comments

  • If you use the package from the Package Library then the OpenCandy shouldn't be installed. If you install PDFCreator interactively (i.e. running the setup manually and just answering the questions) then you will be presented with their foistware. When you deploy PDFCreator silently then the foistware crap isn't placed on the targets. We also go the extra mile and specify that only PDFCreator and the images2pdf components get installed and nothing else. You can see how we do that by looking at the Parameters field.

    /ForceInstall /VERYSILENT /SP- /NORESTART /SUPPRESSMSGBOXES /components="program,images2pdf" /tasks="winexplorer,!desktopicon"

    This means that the install file, PDFCreator-2_0_2-setup.exe, may very well get flagged but the installation on the targets shouldn't (if deployed with the parameters above). We tested the final result using Malwarebytes and it came back clean. As a control I installed PDFCreator manually and said Yes to the crapware and sure enough Malwarebytes caught it.

     

     

  • I ran the package from the Package Library. I double checked the above Parms and they are in the package. I will test this against one of our computers with Malwarebytes in case Vipre is overeager. The one thing I notice is during the deploy the PDFCreator-2_0_2-setup.exe got caught but 30 seconds later a plugin was also caught for Firefox from the install.

  • Thanks for your efforts. One thing you can try is this: append the /NOCANDY parameter to your parameters field.

    /ForceInstall /VERYSILENT /SP- /NORESTART /SUPPRESSMSGBOXES /components="program,images2pdf" /tasks="winexplorer,!desktopicon" /NOCANDY

    It may not do anything but maybe it will change the deployment enough to put Vipre at ease. Technically speaking it should be unnecessary since the /components feature is supposed to be exclusive but I may be wrong.

    If the /NOCANDY does in fact resolve it please let us know and we will add that to the Package.

  • It seems like the Vipre Def 38274 catches it but not the latest definitions. I will make sure before deploying I have the latest Defs installed. Thank you for your quick responses!

