Endpoint Protection

  • 1.  false positive detection on sep 12

    Posted Aug 17, 2015 06:21 AM

    Hello,

    I have recently been getting a lot of false positive detections on files located in c:\WINDOWS\Temp\00000000.ZIP or c:\WINDOWS\Temp\********.qef or c:\WINDOWS\Temp\********.zip.

    For example, the 00000000.zip file contains a tmp file (which contains the word "torjan" inside) and another zip file that contains an rma/urm file.

    I have read that the problem is solved in version 12, so what could be the problem?

    (http://www.symantec.com/connect/forums/how-does-trojan-horse-detection-work)

    Best regards,



  • 2.  RE: false positive detection on sep 12

    Posted Aug 21, 2015 04:32 PM

    This is likely a known issue/false positive, see here:

    When new virus definitions are in place and the quarantine is being scanned, a DWH file is created and detected by Auto-Protect

    http://www.symantec.com/docs/TECH102953

    You can manually delete the quarantine.

    Also, make sure you're running the latest version 12.1.6.1a.