Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
IntraWeb setup and AV false positives
Today we received 2 different support requests from users informing that their Antivirus software identified IW14.2.8.exe as a virus/trojan. Among the AV software we find Kapersky, Zone Alarm, Windows Defender and Symantec.

Kapersky is famous for its heuristic engine false positives, specially against binaries compiled by any Delphi version. Zone Alarm shares the same engine so whenever Kapersky reports something, Zone Alarm will do the same. (Un)Fortunately, Delphi is one of the few *real* programming languages left and that's why it is used by many virus creators  Tongue

We have reported the false positives to Microsoft and Symantec. We already have Symantec response, confirming that the report is a false positive, as follows:

In relation to submission 97436.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: iw14.2.8.exe
    MD5: F613B07B34D31EB7B5CDE221A95FFDFA
    SHA256: 53057B142527CFE5885CAF88802AFBD8EE44AAD3D78CC5B173AC79DFD746E4D5
    Note: Whitelisting is available by downloading a RAPID RELEASE indicated in the Further Information section below or via the next Live Update
Further Information:
Required RAPID RELEASE sequence >= 194141

The latest Rapid Release definition available here:
To check the current sequence number of the Rapid Release definition:
More information on Rapid Release definitions can be found:

If detection persists, please contact support:
* Norton:
* SEP:

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

For more information on best practices to reduce false positives:

Symantec Security Response


Forum Jump:

Users browsing this thread: 1 Guest(s)