Endpoint Protection

  • 1.  Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 04:44 PM
    Hi,

    I was wondering if anyone else using HP SIM is having this problem.  A new support file was downloaded this past Saturday and SEP thinks it is infected with Adware.Gen.  The file name is CP009520.exe.  One person on the HP forums noticed this as well but no response from support.


  • 2.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 04:56 PM
    You might want to make a false positive submission.

    https://submit.symantec.com/false_positive/index.html




  • 3.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 05:05 PM
    I'd sooner contact HP and tell 'em to get the marketing research and tracking software out of their software installations.
    Not that this is the case in THIS install you have, but just install an HP all-in-one printer/fax/copier and do some digging into what gets put on.
    HP is among the worst offenders for placing "market research" software in their stuff. And you can't install just drivers, you have to accept it all to get anyway.
    I just had to unload about HP - it's one reason we didn't buy their scanners but went with Epson.
    I've been watching what the HP local printers do on the client computers too when the computers are restarted........ they are tracking and watching you.............
    Yeah, submit as a false-positive, but be afraid, be very afraid of what HP is up to in their software.


  • 4.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 05:10 PM
    You can't say that for sure. The good chances are that the vendor (HP) is innocent. Remember the PIFTS.EXE uproar?

    http://community.norton.com/norton/board/message?message.uid=74840

    http://community.norton.com/norton/board/message?board.id=nis_feedback&thread.id=39123


    Also contact support as the link above states
    "Platinum and Gold Customers: Please contact Technical Support for assistance reporting false positives."




  • 5.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 07:14 PM
    Here's the strange thing, this update is for ProLiant BL p-Class GbE2 Interconnect Switch Management Utilities for Windows and is dated 22 Aug 2008 (shouldn't contain any marketing applications).  I wonder if it's a definition update causing this?  This server was upgraded from MR4 to MR4 MP1A on 5/12/09.  I'll call tech support about this if it continues to be a problem in a couple of days.


  • 6.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 18, 2009 08:57 PM
    Wow, I submitted the false positive suggestion and Symantec responded in less than one hour!  Excellent job!!!


    We are writing in relation to your submission through Symantec's on-line False Positive Dispute Submission form for the ProLiant BL p-Class GbE2 Interconnect Switch Management Utilities for Windows setup file being detected by Symantec Software. In light of further investigation and analysis Symantec is happy to remove this detection from within its products.

    The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at

    http://securityresponse.symantec.com/avcenter/defs.download.html
     


  • 7.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 19, 2009 10:26 AM
    Excellent, that's probably the fastest I have ever seen.


  • 8.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 19, 2009 10:42 AM
    In the past, I have seen security alerts and firewalls go crazy from outgoing traffic.  Upon further investigation, you will notice with a little digging, that your machine, with HP drivers installed on it, will establish and maintain an open TCP connection to their sites.  Some of them are masked and hard to track into HP, but with a little effort and the right tools, it is them, every single time.

    That Symantec would respond that fast and remove the alert that fast is actually concerning.  If their software is actually transmitting data, I would rather know of the risk and block that transmission, rather than having it pushed under the rug...

    Comes back to a different thread in these very forums, where "Angry IP" is considered a threat and "will not be removed as such any time soon" according to Paul M., however known tracking large business, that ship their machines with "going to go out on a limb here", a trial AV from...

    Gets almost instantly whitelisted...  Interesting.


  • 9.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 19, 2009 11:15 AM
    I continue to fight for the removal of HP stuff here......... and continue to remove the spyware they install with each software install. I block their file-writes to the profile area and transmissions back to mama.
    If they have questions for me about how we use their products, they can bloody ask me.
    But don't spy on me and report back secretly to home or a THIRD PARTY - as IMO, anyone that spies is a spy, anyone that installs software beyond the drivers I ask for is breaking my confidences, and HP is a big offender. Do some digging........

    Kudos to Symantec for fast response, maybe - I think???
    I just hope that Back Orifice and HP's "market research" app (yeah, they call it that) and others don't get whitelisted as well.
    I'd rather see a groundswell against HP, and folks contacting HP with a "what gives" than going the other direction, accepting it as acceptable behavior. Get them to remove their junk so that security products don't balk against it.
    Them's my opinions anyway, worth all that you paid for them!  ;-)


  • 10.  RE: Adware.Gen on HP Systems Insight Manager update

    Posted May 29, 2009 11:07 PM
    I was reading this info and would like to know how to "Block the file-writes to the profile area and transmissions" that you spoke of ShadowsPapa. I need to get this to stop popping up after a system scan. I have an HP Laser Printer. Ugh!