PROBLEM:
Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.
PLATFORM:
McAfee VirusScan Enterprise: For details of all supported operating systems, see KB51109.
Corporate KnowledgeBase ID: KB51109
ABSTRACT:
This issue can affect all McAfee anti-virus products utilizing this DAT, however it will manifest itself only on endpoints such as VirusScan. Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.
referenceĀ LINKS:
Corporate KnowledgeBase: KB51109
McAfee Product & Technology Support Lifecycle
IMPACT ASSESSMENT:
High
Discussion:
Detection name(s) causing the false: Generic.dx!yxk
File Name(s): Spsgui.exe - This file is typically found only on workstations that have the SAP client installed. This file is loaded by the SAP client when it starts up and is used to send and receive faxes inside the SAP application.
Solution:
Solution 1 - McAfee has posted the 6330 DAT files, and recommends applying these DATs as soon as possible.
Solution 2 - The following remediation tools are available:
* EXTRA.DAT please see KnowledgeBase article in the Extra.zip file. This negative extra DAT is used to suppress detection.
* SDAT_EM.exe please see KnowledgeBase article in the SDAT_EM.zip file. This SuperDAT can be deployed directly through McAfee ePolicy Orchestrator (ePO).
* sdatInstaller.msi please see KnowledgeBase article in sdatInstaller.zip. This can be deployed via a Group Policy if you have Active Directory as described below.