IntraWeb setup and AV false positives - Printable Version +- Atozed Forums (https://www.atozed.com/forums) +-- Forum: Atozed Software Products (https://www.atozed.com/forums/forum-1.html) +--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html) +---- Forum: English (https://www.atozed.com/forums/forum-16.html) +----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html) +----- Thread: IntraWeb setup and AV false positives (/thread-476.html) |
IntraWeb setup and AV false positives - Alexandre Machado - 07-04-2018 Today we received 2 different support requests from users informing that their Antivirus software identified IW14.2.8.exe as a virus/trojan. Among the AV software we find Kapersky, Zone Alarm, Windows Defender and Symantec. Kapersky is famous for its heuristic engine false positives, specially against binaries compiled by any Delphi version. Zone Alarm shares the same engine so whenever Kapersky reports something, Zone Alarm will do the same. (Un)Fortunately, Delphi is one of the few *real* programming languages left and that's why it is used by many virus creators We have reported the false positives to Microsoft and Symantec. We already have Symantec response, confirming that the report is a false positive, as follows: In relation to submission 97436. Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products: File name: iw14.2.8.exe MD5: F613B07B34D31EB7B5CDE221A95FFDFA SHA256: 53057B142527CFE5885CAF88802AFBD8EE44AAD3D78CC5B173AC79DFD746E4D5 Note: Whitelisting is available by downloading a RAPID RELEASE indicated in the Further Information section below or via the next Live Update Further Information: Required RAPID RELEASE sequence >= 194141 The latest Rapid Release definition available here: ftp://ftp.symantec.com/AVDEFS/norton_antivirus/rapidrelease To check the current sequence number of the Rapid Release definition: https://www.symantec.com/security_response/definitions/rapidrelease More information on Rapid Release definitions can be found: https://support.symantec.com/en_US/article.TECH103326.html If detection persists, please contact support: * Norton: https://support.norton.com/sp/en/us/home/current/info * SEP: https://support.symantec.com/en_US/endpoint-protection.54619.html Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape. For more information on best practices to reduce false positives: https://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf Sincerely, Symantec Security Response https://www.symantec.com/security-center |