Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

Symantec Endpoint protection Antivirus quarantined our installer as threat

Created: 04 Mar 2013 • Updated: 04 Mar 2013 | 2 comments

Hi,

We are the third party control developers. Recently we have faced an issue with Symantec Endpoint protection . Symantec Endpoint Protection AV (12.1.1000.157)  has detected our installer as SONAR.Heuristic. We have faced this issue in the Windows XP SP3 installed machine with Symantec Endpoint Protection AV (12.1.1000.157) installed in it. While starting the setup installation, it has been quarantined.

Herewith i have attached the scan log file and system log file. Also the generated report as screenshot. 

We had tested using all anti-virus products by scanning the install as well as trying to install the product with anti virus protection turned on. But we did not find any problems till the end of the installation. We have scanned all our files and have not found any virus in our system. So, we suspect that it may be a false alert. Since we have faced some issues with uploading the attachments. We have uploaded and shared the link. Please download the log file from the below link.

http://www34.zippyshare.com/v/50153519/file.html

Could you please check this issue?

Regards,

Siva 

Operating Systems:

Comments 2 CommentsJump to latest comment

W007's picture

Hello,

You can submit your software whitelisting

Software developer would like to add his/her software to the Symantec White-List.

http://www.symantec.com/docs/TECH132220

 

Look this Discussion

https://www-secure.symantec.com/connect/forums/sep-application-whitelisting

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

.Brian's picture

In addition to whitelisting your app, you can set this as an exclusion:

Handling and preventing SONAR false positive detections

Article:HOWTO80987  |  Created: 2012-10-24  |  Updated: 2013-01-30  |  Article URL http://www.symantec.com/docs/HOWTO80987

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.