logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

CVE-2021-44228 #261

Closed prateeeks closed 2 years ago

prateeeks commented 2 years ago

I ran the command below, but the Risk Scan of my antivirus still sees the system as vulnerable.

log4j2-scan.exe --fix --all-drives

Version used: logpresso-log4j2-scan-2.8.1-win64

Please suggest a solution.

xeraph commented 2 years ago

@prateeeks First, paste a screenshot of your antivirus scan. Antivirus can use simple pattern matching, so it can mark a mitigated JAR as vulnerable. In this case, you should contact your antivirus vendor.

prateeeks commented 2 years ago

[Screenshot: log4j]

xeraph commented 2 years ago

This screenshot does not contain the actual vulnerable file path. If the scanner printed Fixed and the antivirus specified the same file path, you can safely click ‘Ignore Risk’.

Maybe you are using a centralized antivirus management console. (There is a View Devices button.) In that case, you must fix all devices under control.

Btw, what’s the name of this antivirus product?

prateeeks commented 2 years ago

Yes, I understand it doesn't show the path.

I removed the vulnerable application from the system and the Vulnerable device was no longer showing as Vulnerable for log4j.

We are using Bitdefender GravityZone Business Security.
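
The false positive discussed in this thread, as an added example that is not part of the original issue or the scanner's own code: a version-only matcher and a content-aware check give different verdicts for a JAR whose `JndiLookup.class` has been removed. It assumes the mitigation is removal of that class and that the antivirus keys on version metadata; `build_jar`, `in_affected_range` and `classify` are hypothetical names, and the JARs are constructed in memory.

```python
import io
import zipfile

# Entry removed by the widely published CVE-2021-44228 mitigation (assumption:
# the scanner's fix leaves the rest of the JAR, including its version, intact).
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def build_jar(version, with_jndi_lookup):
    """Constructed sample: a minimal in-memory stand-in for a log4j-core JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi_lookup:
            jar.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # placeholder bytes
    return buf.getvalue()


def in_affected_range(version):
    """Simplified: any 2.x below 2.15.0 (ignores backports 2.3.1 and 2.12.2)."""
    try:
        major, minor = version.split(".")[:2]
        return int(major) == 2 and int(minor.split("-")[0]) < 15
    except (AttributeError, ValueError):
        return False


def classify(jar_bytes):
    """Return (version_only_verdict, content_aware_verdict) for one JAR."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        version = None
        if POM_PROPS in names:
            for line in jar.read(POM_PROPS).decode().splitlines():
                if line.startswith("version="):
                    version = line.split("=", 1)[1].strip()
    if not in_affected_range(version):
        return "ok", "ok"
    # A version-only matcher stops here; checking the class separates the cases.
    return "vulnerable", ("vulnerable" if JNDI_LOOKUP in names else "mitigated")


if __name__ == "__main__":
    for label, jar in [("unpatched 2.14.1", build_jar("2.14.1", True)),
                       ("mitigated 2.14.1", build_jar("2.14.1", False)),
                       ("upgraded 2.17.1", build_jar("2.17.1", True))]:
        print(label, classify(jar))
```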