Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

symantec antivirus treats my statadlone web application as virus

Created: 21 Jun 2013 • Updated: 21 Jun 2013 | 8 comments

We have a standalone web application, in which for every URL request ( which calls CGI binary through system command), a new process is created. With this our application is working fine in normal environment. But in some systems where Symantec,F-secure, Avaita anti-virus program were running there our application is extremely slow and

Symantec antivirus program is killing it thinking as if it is a virus.

Can you please help what are the situations that makes my web application to be treated as VIRUS.

Operating Systems:

Comments 8 CommentsJump to latest comment

raju123's picture

You can add the application in exception of Scanning.

Creating exceptions for Symantec Endpoint Protection
Article:HOWTO55204  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55204
Managing exceptions for Symantec Endpoint Protection
Article:HOWTO80869  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80869
W007's picture

Hi,

You can install only one antivirus in system.If you have install mulitiple AV client i system running very slow.You can uninstall other AV and check working or not fine.

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Rafeeq's picture

first you need to check what component of SEP is blocking it, 

you need to check if its from file system Autoprotect , full scan, firewall, or IPS

then make the appropriate exception in the SEPM policy. if its false positive then please submit it to symantec so that they can fix the signatures.

Report a Suspected Erroneous Detection (False Positive)

 

https://submit.symantec.com/false_positive/

Swapnil khare's picture

Rafeeq is correct submit the file and get the definitions from SEP Support team.

You can have 2 AV on one machine however with enough System resources .

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

nagang's picture

If we procure digital certificate from the third party vendor will it help us from catching of binaries from anti virus program.

and

If we submit our binaries for one time if we upgarde our binaries then do we need to submit them again?

This question was asked by my client.

Brɨan's picture

It depends. What component of SEP is detecting this? If SONAR than getting a digital cert will help as it will now be legitimate. If AV, than it is signature based so you would need to add an exception.

Yes, you may need to submit again if you upgrade the binary. The detection could happen again with a new binary.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

nagang's picture

Name of the software being detected = alexweb.exe

Name of detection given by Symantec product = Bloodhound.SONAR.1

File hash or clipboard paste from product = c:\program files\alexwin\

These details are given by symantec team

 as you have replied in last post

Does digital signing of this binary will help us?

and how this digital certificate will help us?