Video Screencast Help

Rare Virus - FileDate.11.537 detected after definition update

Created: 21 Jan 2013 | 4 comments
multiplexed's picture

We're using Symantec Endpoint Protection Small Business Edition 12.0.1 with 2003 server and xp pro, all 32 bit.  We have one particular machine that has detected (twice now) the virus called FileDate.11.537.  According to the logs, both times it was detected about 1 or 2 minutes after a definition update.  Here is some information ...

Detection 1)

(Logged in the central management console)

12/20/2012  -  3:13 AM
Detected file ...
C:\documents and settings\all users\application data\symantec\liveupdate\9.product.inventory.liveupdate

Detection 2)

(Local Logs only.  Not logged in the central management console)

1/16/2013  -  4:08 AM
Detected file ...

I cannot find any signs of infection.  This is a rare virus, with very little information available online.  It has been mentioned that this virus is not in the wild.  One trait of this virus is that it renames the date stamps of some files to a date of August 17, 1991.  I've used windows search and cannot find any files with this date stamp.  I'm really not sure what else to even look for.

To be safe, I have brought in all windows updates, and updates to flash, java, reader, etc.  I also did a manual live update on each machine and rebooted.  I've done full scans with Symantec Endpoint Protection and the Eset online scanner.   Both came up empty.

-->  My question is what should I do about this?  <--  I'm assuming this is a recurring false positive, considering the files detected, the time of detection, the time after the definition update, the fact that only 1 machine is affected, that this virus is not *supposed* to be in the wild, and that all full scans have come up empty.

-->  What should I look for as symptoms of this virus?  <--

Also, I thought we were entitled to a free support incident or two with our license.  Is that true?  If not, how much does a support incident like this cost?

Again, my overall question is what to do about this.  I can find very little information on this virus, so I'm not sure what to even look for.  Do I chalk this up to a recurring false positive (all scans came up empty) or should I be doing something else?

Comments 4 CommentsJump to latest comment

ᗺrian's picture

It seems like it would be a false positive. Are you able to grab the file and submit to Symantec? Or is it removed?

I would send to Symantec if you can and open a case. Especially if everything is comign up normal scan-wise

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

open a support ticket, submit the file to security response for false positive. Work with Tech support for fixing this false positive ( if it is indeed).

Ashish-Sharma's picture


I agree above comments you can submit submission file.

follow the steps provided in the Article below and submit the files to the Symantec Security Response Team:

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Thanks In Advance

Ashish Sharma