Endpoint Protection


Manufacturer needs to remediate false AV positives for our product

  • 1.  Manufacturer needs to remediate false AV positives for our product

    Posted Sep 17, 2014 11:40 PM

    I was directed to this forum by tech support. I work for a software manufacturer and have recently had reports of Symantec AV products incorrectly indicating that one of our exes potentially contains a virus. When this happens, the product is stopped and quarantined, which has production implications with our customer base.

     

    Is there a process with Symantec for remediating these issues or getting our product reviewed so we can avoid this issue?

     

    Thanks,

    Joe.



  • 2.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 17, 2014 11:41 PM

    Software developer would like to add his/her software to the Symantec White-List.

    http://www.symantec.com/docs/TECH132220

     

    For software developers, authors, and Independent Software Vendors (ISVs), the Symantec Software White-List program offers an opportunity to have their software added to a white-list of known good software maintained by Symantec to reduce the possibility of false positives.

    To submit software to participate in this program, please submit the candidate software to Symantec using the Software White-Listing Request form.

    Software White-Listing Request Form: https://submit.symantec.com/whitelist/

    Submit that application to https://submit.symantec.com/false_positive



  • 3.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 18, 2014 01:03 AM

    Hi jdratz2000,

    The information above is accurate.  Also, the Insight Deployment Best Practices is a public document (Insight_v1.pdf) with an excellent section on False Positive Prevention. It is highly recommended reading.

    Insight Deployment Best Practices
    Article URL http://www.symantec.com/docs/DOC5077 

    With thanks and best regards,

    Mick



  • 4.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 18, 2014 07:52 AM

    In addition to requesting whitelisting of your software, you need to submit as a false positive here:

    https://submit.symantec.com/false_positive/



  • 5.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 18, 2014 09:03 PM

    Thank you for the reply.  In my situation I am not clear what I should do.

     

    Our software is commonly used by .NET developers and as such is deployed in a few different ways.  We do have an installer but it is not based on an .MSI but rather leverages Chocolatey and uses scripts to pull the installation down from a NuGet repository.

    Regardless of how it gets to the user's system, it is one specific .exe that triggered the false positive.

    What should I upload for the whitelist process?  We could make an .MSI but it's the contained .exe I am concerned about.

     

    Thanks again.

    Joe



  • 6.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 18, 2014 09:10 PM

    Needs to be the exe



  • 7.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 18, 2014 10:55 PM

    Brian,

    Just to clarify, I can upload our actual .exe, but it isn't a setup.exe that installs anything; it is the runtime application itself.

    I was just confused as the site claims it must have an installer to be whitelisted.

     

    Thanks again.

    Joe



  • 8.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 19, 2014 04:48 AM

    Hi jdratz2000,

    Can you PM me your Tech Support case number, plus the reference number supplied once you have submitted the .exe which is being detected?

    Many thanks!

    Mick



  • 9.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 22, 2014 12:11 AM

    They wouldn't open a case for me.   I will upload the current .exe and private message you.

     

    Thanks.

    Joe.



  • 10.  RE: Manufacturer needs to remediate false AV positives for our product
    Best Answer

    Posted Sep 22, 2014 11:09 AM

    Resolved: This appears to have been due to some known issues with false positives in the SONAR release of September 15th.

    SONAR.SuspLaunch False Positive with Sept 15th SONAR Release
    https://www-secure.symantec.com/connect/blogs/sonarsusplaunch-false-positive-sept-15th-sonar-release

    Large Amount of False Positives with SONAR.SuspLaunch2
    https://www-secure.symantec.com/connect/forums/large-amount-false-positives-sonarsusplaunch2

    Thank you for the whitelist information.  We may pursue that still if more issues come up but for now we should be good to go. 

    Thanks again for the quick responses and all the help.

    Regards,

    Joe. 

     



  • 11.  RE: Manufacturer needs to remediate false AV positives for our product

    Posted Sep 22, 2014 06:05 PM

    Cheers, Joe!  Glad to help.

    When time allows, please do mark the thread "solved" so that its contents will be indexed in the searches?  Your experiences on this topic may be of interest to another user with the same query.

    All the best,

    Mick