
Spotify is detected as a Trojan Horse?

Updated: 21 May 2010 | 30 comments
cpeterm
This issue has been solved. See solution.

Does anyone know something about “Spotify” being detected as a Trojan Horse?

I’m running Symantec Endpoint Protection version 11.0.5002.333
Definitions: 27 January 2010 r49


Comments

reedmohn, 28 Jan 2010

Same here..

Just started happening here, too.
Messages about Spotify are pouring in.

Not that I am sad about it, it's not exactly a business critical application, but it is causing users some grief.

Is this deliberate from Symantec?

Martin_H, 28 Jan 2010

Same

Same problem here. All my clients using Spotify suddenly receive this warning.

Magnus_Sweden, 28 Jan 2010

A Spotify employee writes this in their support forum: "We've made no changes to Spotify and there is nothing infecting it. It's possible that it's a false positive which we've seen before from anti-virus programs." http://getsatisfaction.com/spotify/topics/spotify_defined_as_a_trojan_by_symantec#reply_1837534

kjellie, 28 Jan 2010

spotify as trojan

Same problem here.
Need ASAP confirmation that verifies the threat to be real or to be a false positive.

Prachand, 28 Jan 2010

Please submit the file to https://submit.symantec.com/websubmit/gold.cgi.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Ola Svessson, 28 Jan 2010

Hi, the file is already submitted and there are several open cases with this.
Case: 411-147-522 - False Positive - spotify.exe detected as trojan - Tracking #14666799

Seems that the test of the defs is limited; according to Spotify they have 100 000 000 installations of the application.

/Stickan

AravindKM, 28 Jan 2010

False Positive Submission 

Please don't forget to mark your thread solved with whatever answer helped you : ) Thanks & Regards Aravind

Ola Svessson, 28 Jan 2010

Sorry, 100 000 000 downloads, 7 000 000 installations. Not yet released in US. Probably why it is not tested.

/Stickan

Mark Pugh, 28 Jan 2010

It is business critical! Means I don't need to listen to the crap my boss says all day. Keeps me sane. I keep the network sane.

Seeing annoying false positive here too. When can we expect the updated defs, Symantec?

Aniket Amdekar, 28 Jan 2010

Hi,

We are aware of this false positive and working on it.

The definitions for Spotify will be published very soon.

This post will be updated as soon as the definitions are published.

Best,
Aniket Amdekar

Paul Murgatroyd, 28 Jan 2010

Hi All,

Security Response have confirmed this is a false positive and have fixed the issue.

If you are running SEP or SAV, then Rapid Release definitions have just been released dated 28/01/2010 rev. 2.

They will be included in the next full release for both SEP and SAV.

Paul Murgatroyd
Principal Product Manager, Symantec Endpoint Protection
Endpoint twitter feed: http://twitter.com/symc_endpoint

Aniket Amdekar, 28 Jan 2010

Issue resolved

Hi,

Please refer to the link below:

http://www.symantec.com/business/security_response...

The sequence number of the definition is: 106370

So, if you download the rapid-release definitions, the issue should be resolved.

Please post a comment in this thread if you have applied the Rapid-Release definition mentioned above, and let us know if the issue has been taken care of.

Cheers,
Aniket

mikeymike64, 28 Jan 2010

Unimpressed

Re the 'solution' posted by Aniket Amdekar;

Please bear in mind that most users, like myself, have no idea what to do with the information you supplied!  You may as well have written in Ancient Egyptian Hieroglyphs.

"So, if you download the rapid-release definitions, the issue should be resolved."

Well I found definition 106370 on the link you supplied but there must be over 50 downloads there!!

Come on Symantec, you have to do better than this . . .

Aniket Amdekar, 28 Jan 2010

Hi,

Thanks for pointing out the missing simplification of the technical details.

Here is the info you should have received in the first post itself:

How to update definitions for Symantec Endpoint Protection Manager using a JDB file

http://service1.symantec.com/support/ent-security....

Applying rapid release definitions to a Symantec Endpoint Protection (SEP) client.

http://service1.symantec.com/support/ent-security....

You need to download the jdb file provided in my original link and then use the articles mentioned above.

Cheers,
Aniket

Katharina, 28 Jan 2010

solved

reedmohn, 28 Jan 2010

flash install

At the same time, we started seeing blocks of "install_flash_player.exe" as well. Don't think I've seen that before.

Related problem?

Pekka, 28 Jan 2010

We have started to see install_flash_player.exe as infected with a Trojan.
Is this fixed with the latest rapid release as well?
I'm pretty sure that this is a false positive as well.

knightstorm, 28 Jan 2010

I just had install_flash_player.exe quarantined

It would be helpful if the properties window for the quarantine showed the original file properties. That might help us determine the original source of the quarantined items.

rjouin, 28 Jan 2010

How to perform the update

Hi all,
Must be a bit silly but I can't find out how to download rapid-release definitions.
Can anyone help?

This patch doesn't seem to work on Windows 7...
=> symrapidreleasedefsv5i32.exe

Thx

cpeterm, 28 Jan 2010

Thanks Aniket

Thanks Aniket Amdekar,
Your latest response solved the problem.
I installed the rapid-release definition and the problem is gone.

I see this problem as resolved.
Thanks again for the rapid response Aniket.

Paul J, 28 Jan 2010

Flash False Positive?

We are also seeing huge amounts of alerts on install_flash_player.exe being quarantined as a Trojan Horse.

Please advise on this ASAP

MightyTor, 28 Jan 2010

@ rjouin

That's not a silly question at all. I can't find it either.
Please refer to a link.

LensIT, 28 Jan 2010

MightyTor

Well I'm REALLY stupid!
- sorry what do you mean 'refer to a link'?
Anyone know how to force Symantec endpoint protection to retrieve these latest defs?
Maybe not business critical, but people ringing up helpdesk to advise of virus found is getting annoying

MightyTor, 28 Jan 2010

Too complicated...

I find it very complicated. I don't understand why Symantec can't do this automatically through LiveUpdate. We are paying for this! And now it's up to US to fix a problem that THEY have caused?

Hmmffph...

Well, enough complaining.

Yes davrog, I was thinking about that link, but I'm not sure which one to download.
Because there are several downloads there. I have Win 7 ultimate 64bit. And my Symantec product is Norton Internet Security Online 2009 or 2010. So which one to download and install?
I just need to fix this Spotify problem, nothing else....

If the nice technician named Aniket would be so kind to explain this step by step for me, I would appreciate it enormously. Because the explanation by the links he posted is quite difficult to follow.

regards
MightyTor

cable mite, 28 Jan 2010

Flash Player

See more here on sans.org

http://isc.sans.org/diary.html?storyid=8104

First SEP does not like 2010 and now doesn't like Spotify & Flash.

------------------------------------------------------------
MR99 will fix it all.

Mark Gregory, 28 Jan 2010

install_flash_player.exe

I see others are also seeing detections on install_flash_player.exe. Has this issue also been confirmed with install_flash_player.exe? If so, will the rapid release correct that problem?

Mark

Aniket Amdekar, 28 Jan 2010

Hi Mark,

The Rapid Release sequence: 106382 will be able to solve this issue. If you use the rapid release definitions and use the articles I have mentioned in my previous post, the issue will be taken care of.

Cheers,
Aniket

LensIT, 01 Feb 2010

Thanks for all the extra work Norton!

I don't really care too much about spotify, unlike my 100-odd users who lost it and don't think too highly of Norton, but after trying various methods of updating sepm with rapid release versions, and waiting instead for live update to update it yesterday (why can't live update do it straightaway!), I now have the problem of my system showing 120 PCs infected with a bogus virus!

Can anyone please tell me how I'm meant to clear this status from sepm without having to go to each individual PC and mark as cleaned? - And where do I send my bill to, Mr Norton?
:)

(by the way, found a document: http://service1.symantec.com/support/ent-security.nsf/docid/2007100820002048?Open&seg=ent for supposed rapid definitions update for future reference...)

Aniket Amdekar, 01 Feb 2010

Hi,

have you tried this document?

http://service1.symantec.com/support/ent-security....

-- Click on Advanced settings
-- Click on Compliance Options
-- check the box for "Infected Only"
-- save the filter as "Infected computers"
-- click on view logs, it showed all the computers in Infected status
-- in the drop down menu where the default selection is "Selected", make sure that you select "all"
-- click on clear infected status
-- log out and log back into SEPM and wait for 10 mins
-- after 10 mins, in SEPM home page, none of the computers should be shown as still infected

Cheers,
Aniket