Binaries (like microsoft.practices.enterpriselibrary.common.dll) downloaded by WEB app to client PCs are detected by SEP 12.1 (active scan) as Malware (WS.Reputation.1)
Updated: 05 Dec 2011 | 4 comments
I have issue with SEP 12.1 (managed by EPO 4.6):
1) Our Web app requires some dlls (like microsoft.practices.enterpriselibrary.common.dll), so before start it downloads them to assembly folder on client PC. But SEP 12.1 (active scan) detects them as Malware (WS.Reputation.1);
2) Also, on User request , Web app can download some .msi to "temporary internet files" folder to be installed localy. But again SEP 12.1 (Active Scan) detect it as WS.Reputation.1.
3) Some *.exe files (internal tools), used for updating our Web app, detected by SONAR as Security Risk: Trojan Worm on server side
Note: "Download Insight" is disabled.
Could you please advice how to resolve this issue?
Thank you!
Discussion Filed Under:
Comments
If these are known good
If these are known good files, then you can create scan exceptions.
Creating exceptions for Symantec Endpoint Protection - http://www.symantec.com/business/support/index?pag...
Note: If you disable Insight lookups, the number of false positives from SONAR increases.
Handling and preventing SONAR false positive detections
http://www.symantec.com/business/support/index?pag...
Moving this thread to the Endpoint Protection forum.
Thank you, I hope it will
Thank you, I hope it will resolve the issue, but unfortunatelly it's not so good to have such sollution for application that is going to production.
Would be nice to submit our product as a trusted product with Symantec, is it possible? What is the proper way to do it?
Leonid, You submit
Leonid,
You submit applications and files for whitelisting here:
https://submit.symantec.com/whitelist/isv/
Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint
Some excellent
Some excellent recommendations for how to prevent a False Positive Detection are available in the Symantec white paper Sizing and Scalability Recommendations for Symantec Endpoint Protection.
Hope this helps!
With thanks and best regards,
Mick
Would you like to reply?
Login or Register to post your comment.