Bloodhound.Exploit.459 - false positive
does anyone else experience an increase in Bloodhound.Exploit.459 reporting throughout your networks?
As of tody, those errors start to popup when the Client-Computers open .xls-Files. Seems to be some sort of Exploit in a program is triggered when the file is read. Unfortunately there is no further explanation on the Symantec websites regarding this exploit, so I do not know what Exploit is triggered. I hope someone here can point me to a solution :-)
Rapid Release definitions which correct this FP are being posted now. The next build of definitions (available via LiveUpdate, ETA 4:00 PM PST, May 08) will also contain the fix for this issue.
Rapid Release Sequence number: 134129 Extended information: 2012-05-08 rev. 016
Instructions for how to apply RR defs:
How to apply rapid release definitions to a Symantec Endpoint Protection (SEP) client.
Article: TECH104979 | Created: 2008-01-21 | Updated: 2010-10-06 | Article URL http://www.symantec.com/docs/TECH104979
How to update definitions for Symantec Endpoint Protection Manager (SEPM) using a .jdb file
Article: TECH102607 | Created: 2007-01-08 | Updated: 2012-05-01 | Article URL http://www.symantec.com/docs/TECH102607
FTP link to RR defs, if needed:
Please link any cases to this KB:
Possible False Positive for signature Bloodhound.Exploit.459
Article: TECH188271 | Created: 2012-05-08 | Updated: 2012-05-08 | Article URL http://www.symantec.com/docs/TECH188271
Hope that helps!!