Endpoint Protection

 View Only

  • 1.  ClamAV detecting a possible false positive.

    Posted Oct 06, 2015 11:16 AM

    While running a scan with ClamAV C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6168.6000.105\Data\Cached Installs\Program Files\Symantec\Name\Version\Bin\srtsp_ca.exe was detected as a win.trojan.dropped-2031 can anyone from symantec verify if this is a false positive. 



  • 2.  RE: ClamAV detecting a possible false positive.

    Posted Oct 06, 2015 12:34 PM

    Defiitely a FP, clam is also known for this.

    This file deals with quarantining files detected by the real-time (auto-protect) scan.



  • 3.  RE: ClamAV detecting a possible false positive.

    Posted Oct 06, 2015 12:42 PM

    Ok thank you



  • 4.  RE: ClamAV detecting a possible false positive.

    Posted Oct 07, 2015 07:20 AM

    Hi imfocused,

    Don't run more than one file-based AV scanner on a computer!  They will clash.  Clam and SEP should not be both installed at the same time on the same computer.

    Should you run more than one antivirus program at the same time?
    Article URL: http://www.symantec.com/docs/TECH104806

    Please do keep this thread up to date with your progress or mark this thread solved if you have received your answer.

    With thanks and best regards,

    Mick

     

     



  • 5.  RE: ClamAV detecting a possible false positive.

    Posted Oct 13, 2015 01:20 PM

    I do not run them together I tun Clamav portable as an on demand scan



  • 6.  RE: ClamAV detecting a possible false positive.

    Posted Oct 13, 2015 01:42 PM

    Clam is an AV solution like SEP. You're best off looking at a second opinion scanner, like the Threat Analysis Scan within symhelp or a third party like Malwarebytes for example.