
HPZwrp01.exe detecting as Trojan.Gen as of 2/17/2013

Created: 18 Feb 2013 • Updated: 19 Feb 2013 | 7 comments
This issue has been solved. See solution.

File HPZwrp01.exe is commonly found in the All-In-One driver for an HP 6100.  After virus definitions on the 17th, we have seen a handful of these files detected as a Trojan.  The file exists in a library of Printer drivers to be installed individually and is not running on said machines.  Is there any word on this being a false positive or additional information pertaining to this?  I've searched the forums for this file name and it returns nothing. 


Brɨan's picture

Submit as a false positive here:

https://submit.symantec.com/false_positive/

I see this all the time with various products. You can submit and open a case with support.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SOLUTION
Ashish-Sharma's picture

Yes, you can submit the file for submission.

How to Use the Web Submission Process to Submit Suspicious Files

http://www.symantec.com/docs/TECH102419

Security Response recommendations for Symantec Endpoint Protection settings

http://www.symantec.com/docs/TECH122943

Follow the steps provided in the article below:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Thanks In Advance

Ashish Sharma

Chetan Savade's picture

Hi,

Please share the tracking ID if you have submitted the file.

I would like to monitor the status.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

tkinney's picture

The tracking number for the submission is 3088579.  It appears to be related to definitions delivered on the 17th as I had to access a machine that had not updated its definitions yet to be able to grab a copy of the file.  This is a rather old file found in the driver install files, circa 2004.  I'm filling out the rest of the questions after the initial submission.

tkinney's picture

I received a response on the Dispute Submission, 3088579.  This is an excerpt:

'... In light of further investigation and analysis Symantec is happy to remove this detection from within its products.

The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at...'

Thank you for the prompt feedback.  I was slightly surprised by the lack of others reporting the same issue, but it is a fairly old print driver. 

Regards

Chetan Savade's picture

Hi,

Apologies for the delayed reply, and thanks for the update.

I can see the file has been whitelisted now and an email has been sent to you.

Good to know the issue is resolved now.

Chetan Savade