Symantec doesn't like latest MLV

elaw · Post by **elaw** » Thu Jan 15, 2015 9:01 am

So... yesterday I let MLV auto-update to the latest version.

And today, Symantec endpoint protection decided that MegaLogViewer.exe is infected with the Trojan.Gen.SMH virus!

I assume this is a false positive, but what's the best way to deal with it?

Update: I fixed the immediate issue by excluding the EFI Analytics program folder in Symantec, and also submitted the file to them as a false positive.

LT401Vette · Post by **LT401Vette** » Thu Jan 15, 2015 9:21 am

Update: I fixed the immediate issue by excluding the EFI Analytics program folder in Symantec, and also submitted the file to them as a false positive.

Submitting the false positive is what generally needs to be done. False positives do come up some times.
Keep me posted on there response or any further action needs to be taken.

elaw · Post by **elaw** » Fri Jan 16, 2015 4:37 am

Response from Symantec this morning:

In relation to submission [3705946].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

3688F713A59654A464AF9D7FA2ACC9BF - megalogviewer.exe

Looks like we win!

LT401Vette · Post by **LT401Vette** » Fri Jan 16, 2015 6:41 am

They did that quick too.

whittlebeast · Post by **whittlebeast** » Fri Jan 16, 2015 7:48 am

Mine Is still misbehaving.

LT401Vette · Post by **LT401Vette** » Fri Jan 16, 2015 8:09 am

whittlebeast wrote:Mine Is still misbehaving.

It will take until the next definition file update by Symantec is put out.

Also the HD edition may take another change as it is a difference, but almost identical exe. Hopefully they get back on that soon.

I think I really need to start digitally signing my installers and executables, the world it becoming much more sensitive to unsigned apps.

elaw · Post by **elaw** » Fri Jan 16, 2015 8:15 am

whittlebeast wrote:Mine Is still misbehaving.

I fixed it on my machine by telling Symantec to exclude the MLV program folder.

I tried to exclude just the executable itself, but as soon as I selected it in the "exclude" dialog, Symantec auto-protect would kick in and quarantine the file, and then setting the exclusion would fail because the .exe was no longer present. Typical Symantec stupidity.

LT401Vette · Post by **LT401Vette** » Fri Jan 16, 2015 8:18 am

I fixed it on my machine by telling Symantec to exclude the MLV program folder.

I think maybe what they don't like here is that the exe really just kicks off the javaw.exe in the runtime/bin subdir.

Megasquirt Support Forum (MSEXTRA)

Symantec doesn't like latest MLV

Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV

Re: Symantec doesn't like latest MLV