Video Screencast Help

Brother label printer software malicious download?

Created: 17 Jan 2012 | 5 comments

I recently downloaded software from Brother ( for a new label printer.  The files pew50200bus.exe and puw10003.exe were blocked by SEP 11 (RU6MP3) as malicious downloads, and my internet connection was blocked by SEP.  When the files were finally downloaded and expanded, I ran a virus scan using SEP and no problems were found.

The same files download using Norton Internet Security 2012 without any problems, and the files and web site check out as trusted by NIS.  I am assuming that these files are OK, and SEP is issuing a false warning.

Comments 5 CommentsJump to latest comment

AR Sharma's picture

Depends on sensivity set for different anti virus.

Pls check the following:

How to increase the sensitivity of Proactive Threat Protection in Symantec Endpoint Protection 11.x

Specifying the actions and sensitivity levels for detecting Trojan horses, worms, and keyloggers

Creating exceptions for Symantec Endpoint Protection

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

pete_4u2002's picture

What was the threat detected as ?

Was it bloodhound?

you can create a centralized exception policy as explained in the article

Or you can open a ticket with support to exclude this from detection considering the files are clean.

Chetan Savade's picture


It may happen browser IPS was taking action while downloading.

May be download source was not authenticated & after running software locally on system it came clean.

Only make sure system is regularly updated with windows updates & system patches also.

I hope it will help you !!!

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<

Mithun Sanghavi's picture


Could you please let us know what is Symantec is detecting those Threat Files as?

Could you please Submit these Files to the Symantec Security Response Team by:

Note: ThreatExpert is owned by Symantec.


Could you please work on this Article for Web Submission Process. Document IDTECH102419


Run a SEP Support Tool and submit the suspicious files to the Symantec Security Response Team.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

knightstorm1's picture

The Symantec web sites will not accept the 23 MB file, but I was able to scan it using  The only program to detect amything in the file was ClamAV  (PUA.Packed.PECompact-1).  I think this is just a false positive. 

My guess is that the Brother web sites are being confused with Brothersoft web sites.