ArcSight Antivirus considering java App as ahigly risk thread

30 pts.
Tags:
ArcSight
Hello I have a java application which sniff the network traffic, I am using jpcap and winpcap in my application. Application runs fine with AVG antivirus.but when i did deploy my java application at customer environment where customer has ArcSight Antivirus. At that customer end ArcSight is repotting my Java Application as high risk thread and also consider as dialup app which is trying to accessing the other pcs. But in actual it really not like that its only sniff the traffic which comes on that particular pc’s LAN Card. What could be the possible reason for that as with AVG antivirus it working fine but with ArcSight Antivirus it considering the highly risk thread Plz let me know its possible reason and solution Thanks Regards Mudasser
ASKED: August 30, 2012  6:39 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    AVG and ArcSight are two very different products. AVG is less likely to notice much about your Java programming -- Java is hardly a "virus" kind of language in most senses.   But sniffing network traffic is blatantly a 'high risk' function to allow to run. I would expect ArcSight to raise an alert about it. If it didn't, it wouldn't be nearly as useful as it is.   If you need a resolution, you probably need to contact ArcSight. You might need to provide them with all details of your project. They aren't very likely to tell you how to circumvent their detection, but they might create a signature of your project that they can use to accept your project on the network. Maybe. I've worked with ArcSight before to gain ArcSight Certification for a product, and they're very good; but it's not trivial.   Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following