Endpoint Protection

  • 1.  Symantec antivirus treats my standalone web application as virus

    Posted Jun 21, 2013 06:29 AM

    We have a standalone web application in which, for every URL request (which calls a CGI binary through a system command), a new process is created. With this, our application works fine in a normal environment. But on some systems where Symantec, F-Secure, Avaita anti-virus programs were running, our application is extremely slow and the Symantec antivirus program is killing it, thinking it is a virus.

    Can you please help: what are the situations that make my web application be treated as a virus?



  • 2.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jun 21, 2013 06:34 AM

    You can add the application as an exception to scanning.

    Creating exceptions for Symantec Endpoint Protection

    Article:HOWTO55204  |  Created: 2011-06-29  |  Updated: 2011-12-16  |  Article URL http://www.symantec.com/docs/HOWTO55204

    Managing exceptions for Symantec Endpoint Protection

    Article:HOWTO80869  |  Created: 2012-10-24  |  Updated: 2013-06-06  |  Article URL http://www.symantec.com/docs/HOWTO80869

     



  • 3.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jun 21, 2013 06:35 AM

    Hi,

    You can install only one antivirus on a system. If you have installed multiple AV clients, the system runs very slowly. You can uninstall the other AV and check whether it works fine or not.



  • 4.  RE: Symantec antivirus treats my standalone web application as virus

    Broadcom Employee
    Posted Jun 21, 2013 06:37 AM

    Add an exception, and you may want to exclude this from False Positive.



  • 5.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jun 21, 2013 08:20 AM

    First you need to check what component of SEP is blocking it.

    You need to check if it's from File System Auto-Protect, full scan, firewall, or IPS,

    then make the appropriate exception in the SEPM policy. If it's a false positive, then please submit it to Symantec so that they can fix the signatures.

    Report a Suspected Erroneous Detection (False Positive)

    https://submit.symantec.com/false_positive/



  • 6.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jun 21, 2013 11:10 AM

    Rafeeq is correct: submit the file and get the definitions from the SEP Support team.

    You can have 2 AVs on one machine, however, with enough system resources.

     



  • 7.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jul 18, 2013 07:40 AM

    If we procure a digital certificate from a third-party vendor, will it help keep our binaries from being caught by anti-virus programs?

    And if we submit our binaries one time and then upgrade our binaries, do we need to submit them again?

    This question was asked by my client.

     



  • 8.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jul 18, 2013 07:46 AM

    It depends. What component of SEP is detecting this? If SONAR, then getting a digital cert will help as it will now be legitimate. If AV, then it is signature based so you would need to add an exception.

    Yes, you may need to submit again if you upgrade the binary. The detection could happen again with a new binary.
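
Added example (not part of any post in this thread, and not Symantec's tooling): a PowerShell release check that records the Authenticode signature status and SHA-256 of each EXE/DLL in a build folder and flags files whose hash changed since the last recorded run, which are the ones a new submission would cover after an upgrade. The parameter names, the manifest file name and its CSV layout are assumptions made for this illustration.

```powershell
# Added example, not from the thread. Lists signature status and SHA-256 for each
# EXE/DLL in a release folder and flags files whose hash differs from the last run.
param(
    [Parameter(Mandatory = $true)]
    [string] $ReleaseDir,                             # assumed: folder with the application's binaries
    [string] $Manifest = '.\submitted-binaries.csv',  # assumed: hashes recorded at the last submission
    [switch] $UpdateManifest                          # set after the new files have been submitted
)

# Hashes from the previous run, keyed by path relative to the release folder.
$previous = @{}
if (Test-Path -LiteralPath $Manifest) {
    Import-Csv -LiteralPath $Manifest | ForEach-Object { $previous[$_.File] = $_.Sha256 }
}

$root = (Resolve-Path -LiteralPath $ReleaseDir).Path.TrimEnd('\')

$report = Get-ChildItem -LiteralPath $root -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        $rel  = $_.FullName.Substring($root.Length).TrimStart('\')
        [pscustomobject]@{
            File        = $rel
            SigStatus   = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Timestamped = [bool] $sig.TimeStamperCertificate
            Changed     = ($previous[$rel] -ne $hash)   # new or rebuilt since the last manifest
            Sha256      = $hash
        }
    }

$report | Format-Table File, SigStatus, Timestamped, Changed -AutoSize | Out-Host

# Files that are unsigned or whose signature does not verify on this machine.
$unsigned = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($unsigned.Count -gt 0) {
    Write-Warning ("{0} binaries without a valid Authenticode signature" -f $unsigned.Count)
}

# Changed files are the candidates for a fresh false-positive submission.
$report | Where-Object { $_.Changed } | Select-Object File, Sha256

if ($UpdateManifest) {
    $report | Select-Object File, Sha256 | Export-Csv -LiteralPath $Manifest -NoTypeInformation
}
```

Run it against each build before release; pass `-UpdateManifest` only once the changed files have actually been submitted, so the next run compares against what was sent.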



  • 9.  RE: Symantec antivirus treats my standalone web application as virus

    Posted Jul 22, 2013 02:27 AM

    Name of the software being detected = alexweb.exe

    Name of detection given by Symantec product = Bloodhound.SONAR.1

    File hash or clipboard paste from product = c:\program files\alexwin\

     

    These details are given by the Symantec team.

    As you have replied in the last post:

    Will digital signing of this binary help us?

    And how will this digital certificate help us?