Endpoint Protection

 View Only

  • 1.  False positive with wextract.exe using SEP deffinitions

    Posted Jun 09, 2009 01:09 PM
    Hi there is any one else having this issue where if you install the deffintions date 2009-06-09 r18 it seems to be detecting the wextract.exe as a backdoor.greybird then deletes it. It seems this is a ligitimate windows system file?

    Any suggestions on what to do?

    thank you


  • 2.  RE: False positive with wextract.exe using SEP deffinitions

    Posted Jun 09, 2009 01:14 PM
    You should make a False Positive submission to Symantec.

    https://submit.symantec.com/false_positive/index.html


  • 3.  RE: False positive with wextract.exe using SEP deffinitions

    Posted Jun 10, 2009 03:38 AM
    I have done that will wait and see what they say?


  • 4.  RE: False positive with wextract.exe using SEP deffinitions

    Posted Jun 10, 2009 03:44 AM
    This is the best way to get rid off any suspecious files which u r unaware fo. Just submit to Symantec  response team


  • 5.  RE: False positive with wextract.exe using SEP deffinitions

    Posted Jun 10, 2009 05:32 AM
     This issue is not seen with this revision 2009-06-09 r37.


  • 6.  RE: False positive with wextract.exe using SEP deffinitions

    Posted Jun 15, 2009 05:21 PM
    @ Weeman, has Symantec responded back to you?
    Update us when you get a chance.

    Thanks,
    Thomas