Highlighted
aioic Absent Member.
Absent Member.
3813 views

GW Messenger - Unable to install Client with Kaspersky AV

Kaspersky AV keeps giving me the following messages during GW Messenger 2.0.4:
\\DELL\SYS\Novell\NM\ma\software\client\win32\bin\NMCP32.DLL Trojan-Ransom.Win32.Hexzone.agn
C:\Novell\Messenger\NMCP32.DLL Trojan-Ransom.Win32.Hexzone.agn
C:\Novell\Messenger\NMCPfbb3.rra Trojan-Ransom.Win32.Hexzone.agn
C:\Novell\Messenger\NMCP63b1.rra Trojan-Ransom.Win32.Hexzone.agn

If I shutdown Kasperksy AV, the install goes through smoothly; however, as soon as KAV is reactivated, GWM does not start and spits out this message:
C:\Novell\Messenger\NMCP32.DLL is damaged or missing.
Kaspersky AV allows in its setting to make exceptions to various files through its Trusted Zone section which would be fine but they would have to done on each individual workstation (and we have over 100.)
Does anyone know how to shorten this process or suggest a way (perhaps in the NM folder) to bypass/overcome Kaspersky AV's incessant response?
Any help is much appreciated.
Labels (1)
0 Likes
6 Replies
Anonymous_User Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky AV

aioic wrote:
> Kaspersky AV keeps giving me the following messages during GW Messenger
> 2.0.4:
> \\DELL\SYS\Novell\NM\ma\software\client\win32\bin\NMCP32.DLL Trojan-Ransom.Win32.Hexzone.agn
> C:\Novell\Messenger\NMCP32.DLL Trojan-Ransom.Win32.Hexzone.agn
> C:\Novell\Messenger\NMCPfbb3.rra Trojan-Ransom.Win32.Hexzone.agn
> C:\Novell\Messenger\NMCP63b1.rra Trojan-Ransom.Win32.Hexzone.agn
>
> If I shutdown Kasperksy AV, the install goes through smoothly; however,
> as soon as KAV is reactivated, GWM does not start and spits out this
> message:
> C:\Novell\Messenger\NMCP32.DLL is damaged or missing.
> Kaspersky AV allows in its setting to make exceptions to various files
> through its Trusted Zone section which would be fine but they would have
> to done on each individual workstation (and we have over 100.)
> Does anyone know how to shorten this process or suggest a way (perhaps
> in the NM folder) to bypass/overcome Kaspersky AV's incessant response?
> Any help is much appreciated.


Could it be a fact they deliver infected files??!!

-j-
0 Likes
sensusa Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky

Have been running Kaspersky for 1 year. recent update causes flag that the c:\novell\messenger\nmcp32.dll is infected with
Trojan-Ransom.Win32.Hexzone.agn
suspect a false positive on this, and have submitted to Kaspersky support.
-SENS
0 Likes
swad Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky

We are currently experiencing this same outbreak with Kaspersky 6.0.3.837. I'm currently chatting with KAV Tech Support now. I guess it could be one of two issues: 1) False-positive or 2) Infected installation files. Glad we aren't the only ones experiencing this. Misery loves company.
0 Likes
swad Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky

FYI Update: In my efforts to restore an "infected" NMCP32.DLL file from KAV's backup for KAV Tech Support's examination, I found that KAV no longer flagged that file as a virus. Tech Support also confirmed this and said that it was probably patched in an update earlier today.
0 Likes
aioic Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky

I forwarded messenger .exe file to Kaspersky's tech dept. They too believe it is a false positive. In the meantime, they recommend using their admin kit to setup global policies and include the "infected" files in the exclusion marks section. I followed their suggestion and now KAV does not make any more "squealing" sounds warning me that the files are infected. And the installation sailed through like a charm.
Thanks for sharing your expertise.
-aioic-
0 Likes
swad Absent Member.
Absent Member.

Re: GW Messenger - Unable to install Client with Kaspersky

aioic;1745970 wrote:
I forwarded messenger .exe file to Kaspersky's tech dept. They too believe it is a false positive. In the meantime, they recommend using their admin kit to setup global policies and include the "infected" files in the exclusion marks section. I followed their suggestion and now KAV does not make any more "squealing" sounds warning me that the files are infected. And the installation sailed through like a charm.
Thanks for sharing your expertise.
-aioic-


We are having issues getting Messenger reinstalled on those computers, and it's centered around the NMCP32.DLL file. I get the generic Windows error, "A device attached to the system is not running" (see attachment for screenshot of error).

I've tried uninstalling and reinstalling. I've also removed all references of NMCP32.DLL from the registry. I know that it's a good installation source, because I've successfully installed it on machines that didn't get the Kaspersky false-positive. I'm going to add that file as an exception to the admin kit, just in case it's KAV that's preventing it from happening.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.