Ayuda de vídeo de Screencast

Adobe Gamma Loader.exe alerts today

Created: 21 Sept 2012 • Updated: 08 Oct 2012 | 15 comments
Se ha solucionado este problema. Vea la solución.

Hi All,

Anybody receiving virus alerts on C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe?

Google searches indicate this is a legitimate software but it's popping up on different systems.

Comentarios ComentariosIr al último comentario

el cuadro de los ragenkagen

I am getting these too and actually had made another post as well, hopefully Symantec will have more info soon.

el cuadro de los mm12345

Why can't we find more on this!! I keep getting these!!  It's getting deleted but it's concerning me now.

el cuadro de los ChristinaV

We are also getting these.  Have either of you submitted the file to Symantec?

el cuadro de los mm12345

No I haven't, I will.

I was trying to figure out some correlation!

el cuadro de los mm12345

I can't submit, because the files were deleted.  I will have to think of something or change the setting.

el cuadro de los Michael B.

Submission Summary
Files Submitted
# Filename MD5 Determination Signature Protection Name RR Seq#
1 adobe gamma loader.exe C2FF17734176CD15221C10044EF0BA1A Clean N/A  N/A

Developer Notes:
adobe gamma loader.exe is a clean file.

Assessment File1:  adobe gamma loader.exe (113664 bytes)
MD5:  C2FF17734176CD15221C10044EF0BA1A
SHA-1:  C5B97DCD1EF1DD4A0FB5D7CE13E85FE1820CEF47
SHA-256:  B0D83215E105E2CC88AAA556B1DF380B2E67500A21077F83447199DB8E8CB7BD
Machine: Machine
Determination: Clean
Determination Detail:  This file is clean.

This message was generated by Symantec Security Response automation.

Should you have any questions about your submission, please contact our regional technical support from the Symantec Web site, and give them the tracking number included in this message.

el cuadro de los P_K_

Can you open a case with Symantec and ask it be relooked.

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

el cuadro de los lfly

I didn't fair so well. Symantec permanently deleted the Adobe Gamma Loader from my PC! Not good!

Suggestions?

el cuadro de los Michael B.

I'd might suggest adding to central exception policy to prevent further impact until the issue is resolved rather than reducing security.

el cuadro de los Michael B.

Ifly -- Check your quarantine.  Even if SEP is configured to delete the file, it might still have a backup in Quarantine.  If so, you can still restore the file by selecting the item in Quarantine and clicking on 'Restore'.

If your configuration policy isn't set to backup files before deletion, then you can only change that setting to protect yourself next time.

I opened a case with Support, and they confirmed the false positive.  It should be fixed in certified defs r17 from today, or for sure in tomorrow's base certified defs.

I'll leave my centralized exception entry in place until Monday just to be sure ;)

el cuadro de los Brɨan

Confirmed false positive?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

el cuadro de los Ashish-Sharma

hi,

You can Submit Virus Samples file

http://www.symantec.com/security_response/submitsamples.jsp

How to submit a file to Symantec Security Response using Scan and Deliver

http://www.symantec.com/business/support/index?page=content&id=TECH98706

Thanks In Advance

Ashish Sharma

el cuadro de los ChristinaV

Hi Folks: 

We have been able to confirm this as a false positive.  The Symantec folks stated that the file was clean.

Christine

el cuadro de los Mithun Sanghavi

Hello,

Symantec have received multiple reports of a file named Adobe Gamma Loader.exe being detected as Trojan.Gen.X. It is confirmed this was a False Positive.

It was resolved as of definition Version: 20120921.003.

It is recommended to make sure you are running the Latest version of Virus Definitions on the Symantec Endpoint Protection clients.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUCIÓN
el cuadro de los Mick2009

Confirmed: the current certified definitions should not detect the valid/legitimate "Adobe Gamma Loader.exe" files as Trojan.Gen.X.  If anyone is seeing this file still being detected with today's current defs, please be aware that it may be a malicious file using the name of that Adobe file.

With thanks and best regards,

Mick