Yes, we also see these FP, xls. file coming from mails.

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Bloodhound.Exploit.459
File: XxXxX.xls
Location: Mail System
Computer: XxXxX
User: XxXxXX
Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed
Date found: 8. maj 2012  14:09:42

Yeap, Same here

Confirmed.  We are having the same issue.  It does seem to be affecting XLS files only at this point.  Unfortunately I have not received a call back from Symantec as of yet.  We have not yet come across any specific threat in any of the files, and have not ruled out that it may be a false positive detection. 

Symantec, we sure could use an answer on this one....

Here too, triggered by a .xls file in Outlook.  Action Taked was "Left Alone" and log shows an exception was generated.

We are seeing this as well on .XLS files. We have scanned several of them with multiple online scanners and all report the files are clean. I'm certain these are false positives.

Many thanks for opening this thread, Stephan-  We are looking into this matter now.

There is no need to contact Technical Support for this issue at the present time.

I will update this thread when there is more information available.

I'm in the wait for a technitican, it there any of you which have talked with Symantec about it?

Have the same issue here. Left alone /Auto-Protect..

Hopefully symantec comes up with a solution pretty quick.

i am getting the same problem just with excel files.

The same with files inside Notes, and annoying information about unsuccessfull quarantine in almost every email.

We're having the same here, only excel files so far and the action is 'left alone'.

On a side note, only one part of our network has this problem, the other seems to be fine. On the part that's fine people aren't allowed to preview documents in outlook, the part where we get the reports they are.

Yes, we're seeing this too.  Any time someone previews an Excel worksheet from within Outlook we're getting the 'Bloodhound.Exploit.459' SEP pop-up.  Opening the files outside of Outlook doesn't cause any problems and both a manual scan from SEP and other online scanners says the file is clean.

Same symptoms as everyone else. .XLS files inside emails are being flagged as Bloodhound.Exploit.459 . Quarantine fails. The files will open fine when you save them to local disk and open. 

We use:

Exchange 2008
Office 2010
Symantec Endpoint Protection 12

We are experiencing the same thing.  Outlook and xls files but nothing quarantined and everything comes up clean.

Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed
File status: Infected

This is the message we are getting.  Hopefully Symantec does something soon

I hope it will be solved as soon as possible

Hello All,

I agree with Mick. "Thumbs Up" to him.

Symantec Security Response Team is looking into this and we would update this Thread as soon as there is an update on this Issue.

Exactly the same issue here. Only .xls files appear to be affected (no .xlsx). Event action Virus Found (Left Alone).

Only appears on xls files

Hello All,

Here the same problems, the same "exploit" from different email/xls

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Bloodhound.Exploit.459
File: *.xls
Location: Mail System
Computer: *
User: *
Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed
Date found: 08 май 2012 г.  15:59:59 ч.

....maybe a problem with the new  definitions ??

Waiting for answer... !

We're seeing this too.   It looks like Symante for Exchange is actually removing the attachments.  That's not good.

Although, here it doesn't seem to be triggered when I send .xlsx files.  Its only the .xls.  Can someone with excel 2k confirm?

we are running SEP 12.1 RU1 and are having Bloodhound.Exploit.459 being identified in XLS documents via Outlook 2010.

was this a bad definition update? when can we expect an update.

thank you, have an awesome Tuesday all.

We are seeing this false-positive as well.  SEP12.1 RU1.

This was brought to my attention, and couldn't find anything on it...the Hey presto!

This is just from opening from Outlook, at far as I can see.

just had symantec on phone to me and confirmed they are aware of this and they are working on it for the fix globally, it seems the latest defination file they sent out might have got some issue. 

I will get an update on phone or email about the same asap.

keep you posted

We are getting the same false positive messages as well since this morning, however users are still able to open .xls attatchments within outlook.

Unable to find anything wrong with the file, only when pulling it out of outlook does Symantec alert. After it has been moved out of Outlook manual scans return nothing. Although it looks like this is an experimental

Risk Type
Bloodhound.Exploit.459
Experimental heuristics

Action Source
Left alone
Auto-Protect

Lots of complaints today on this bloodhound issue. For starters I lowered the level of detection and emailed the plaintifs that it is a fals positive

It started with update version R38 . Workstations with R22 have no problems.

We use SEP 12.1

Don't think for a minute that the problem is limited to .xls files, Yes, while most are .xls I have one reported on a .ppt...so keep your eyes open while we wait for Symantec to provide us with something

I have confirmed that with us all the alerts are with .xls files.  Also...I just created a brand new .xls file with just the words test file in a cell and as soon as I emailed it the alert was generated.  It seems to be related to emails as well as just opening the blank file didn't cause the problem.

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: Bloodhound.Exploit.459
File: xxx.xls
Location: Mail System
Computer: xxx
User: xxx
Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed
Date found: Tuesday, May 08, 2012  3:59:22 PM

Security risk detected: Bloodhound.Exploit.459 Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed File status: Infected

on Excel files attached within Outlook --beginning this morning.

Hi, we faced the same 1 hour back and it is spreading like crazy. I am on call with a Symantec specialist on the phone.

Risk name: Bloodhound.Exploit.459
File path: Bookstore.xls
Event time: May 8, 2012 7:59:12 AM

Any updates yet?

We're having the same issue. I've called Symantec as well and am waiting on a tech to call back.

The False positive would be gone as soon as the issue gets resolved by Symantec. Kindly Do not Panic.

Security risk detected: Bloodhound.Exploit.459 Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed File status: Infected
Attachment: COAL 5-4.XLW
Security risk detected: Bloodhound.Exploit.459 Action taken: Neutralized by Quarantine failed : Neutralized by Quarantine failed File status: Infected

Does Symantec have an ETA of when this fix will be pushed out?

Same issue here.

Bloodhound.Exploit.459 message on 6 computers until now.

would just be nice to be informed within the console or the security response site that there is a problem with false positives. Have been wasting much of my afternoon hunting a ghost :(

A lot of people are gorwing really concerned on this.  Clients, Employees, Non-Tech People, Etc. are very worried we are infected.  We need answers!  We also need an ETA on the Fix?

Should we roll back on the definition until this is fixed?

My report server is sending out 100's of emails containing xls files, need a fix ASAP. Has anyone heard of anything yet?

It's very strange, cause it's not happening on all systems, although the have the same product (version, RU, pathces, etc) installed, the same policy applied, an so on. The same xls' pop up on some machines, and on other do not..

by the way: 12.1.1000.157 RU1

10x

How can they be so sure that it is indeed a false positive??.....I would like to see Symantec post some kind of evidence to the Falso Positive theory.

PLEASE !!!!!

Waiting for update here as well.

Our organization wants an update as well. Many users are skeptical, please provide ETA.

After testing on several Excel files. It only happens from Outlook with .XLS files not on .XLSX files.

Having same problem.  Only work around I have found is to turn off Microsoft Outlook Auto-protection.

Same here.

I get an alert only on attachments on Lotus Notes.

If you have the attachemnts and scan the folder there is nothing.

---

Getting notification of "CRITICAL: NETWORK VIRUS DETECTED"

Bloodhound.Exploit.459
Experimental heuristics

2 differernet users in 2 different offices accessing the same .xls file are reporting the same error...

Got this on an xlsx file over the network.

Bloodhound.Exploit.459
Experimental heuristics

Left alone
Auto-Protect

Same issue with lotus notes mail client.

I recently opened a case about this issue. Here is what I just got back.

"From the information I have, you have alert related to Bloodhound.Exploit.459. Do not worry since this is only a False Positive and currently our team is working on this issue"

"This is a known issue and these detections may be ignored.  Your security is not at risk. An announcement will be forthcoming as soon as the issue is resolved."

Hope this helps, not ready to drop my gaurd, but this might help to confirm this concern.

This artical is old but its working!

http://service1.symantec.com/support/ent-security.nsf/docid/2007111515160948

Article: TECH102935

I'm glad I found this thread. I thought we had a major infection underway, including calls from our customers who thought we infected them when they opened our spreadsheets.

I gotta say, it must suck to work in Symantec tech support department today.

http://clientui-kb.symantec.com/kb/index?page=content&id=TECH188271&actp=RSS

That article starts by saying "Possible"

I'm not getting that warm fuzzy feeling !!!

We are getting hits on .ppt as well.

That link just brings you to the main support page .. theres nothing to do with this issue.

It Still take you to the main support page

Disabling "Enable Bloodhound (TM) heuristic virus detection" solves that problem in our environment but this is no final solution of course

Symantec... Any update on this issue. Please release a new definition ASAP. 

Glad I stumbled across this.  Am having the same issue on our network.  Looking forward to the new defs.