Brother label printer software malicious download?

Created: 17 Jan 2012 | 5 comments

I recently downloaded software from Brother (www.brother-usa.com) for a new label printer.  The files pew50200bus.exe and puw10003.exe were blocked by SEP 11 (RU6MP3) as malicious downloads, and my internet connection was blocked by SEP.  When the files were finally downloaded and expanded, I ran a virus scan using SEP and no problems were found.

The same files download using Norton Internet Security 2012 without any problems, and the files and web site check out as trusted by NIS.  I am assuming that these files are OK, and SEP is issuing a false warning.

AR Sharma's picture

It depends on the sensitivity set for the different antivirus products.

Please check the following:

How to increase the sensitivity of Proactive Threat Protection in Symantec Endpoint Protection 11.x

http://www.symantec.com/business/support/index?pag...

Specifying the actions and sensitivity levels for detecting Trojan horses, worms, and keyloggers

http://www.symantec.com/business/support/index?pag...

Creating exceptions for Symantec Endpoint Protection

http://www.symantec.com/business/support/index?pag...

Thanks & Regards,

AR Sharma, CISSP

IBM Certified System Admin- Lotus Domino V7

ITIL V2 Certified

pete_4u2002's picture

What was the threat detected as?

Was it Bloodhound?

You can create a centralized exception policy as explained in the article

http://www.symantec.com/business/support/index?page=content&id=HOWTO27313

Or you can open a ticket with support to exclude this from detection considering the files are clean.

Chetan Savade's picture

Hi,

It may be that browser IPS was taking action while downloading.

Maybe the download source was not authenticated, and after running the software locally on the system it came up clean.

Just make sure the system is also regularly updated with Windows updates and system patches.

I hope it will help you!

Chetan Savade
Sr Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Mithun Sanghavi's picture

Hello,

Could you please let us know what Symantec is detecting those threat files as?

Could you please submit these files to the Symantec Security Response Team by:

https://submit.symantec.com/false_positive/

https://submit.symantec.com/websubmit/gold.cgi

http://www.threatexpert.com/submit.aspx

Note: ThreatExpert is owned by Symantec.

OR

Could you please work through this article on the web submission process: Document ID TECH102419

OR

Run a SEP Support Tool and submit the suspicious files to the Symantec Security Response Team.

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

knightstorm1's picture

The Symantec web sites will not accept the 23 MB file, but I was able to scan it using VirusTotal.com. The only program to detect anything in the file was ClamAV (PUA.Packed.PECompact-1). I think this is just a false positive.

My guess is that the Brother web sites are being confused with Brothersoft web sites.