
Trojan detection today NTRU Cryptosystems tcsd_win32.exe

Created: 29 Jan 2009 • Updated: 21 May 2010 | 7 comments
Philonius's picture
This issue has been solved. See solution.

Within 15 minutes of each other, I had two clients at two different sites with a Trojan detection of NTRU Cryptosystems tscd_win32.exe. It looks like a legitimate program, so not sure if this is a false positive or not. Any help appreciated.


Randy-P's picture

If these are Dell computers and have this software, http://www.wave.com/products/ets.asp, it is probably a false positive.

 

"it's actually part of the TPM software package (Embassy Suite) that Dell gives out with their biometric scanners."

Rutfield's picture

We have received 3 reported cases like this today. We had never received any before.

We are assuming this is a false positive being reported after new virus definitions are loaded, although we have submitted an inquiry to Symantec.

 

This software is a component of our TSS (TCG Software Stack) product which interfaces with the Trusted Platform Module (TPM) security chip. As far as we know, the program is fine, but if you are not using the TPM chip, you can quarantine the file.

 

Craig Rutfield

VP Engineering

NTRU Cryptosystems, Inc.

SOLUTION
Philonius's picture

I've had 4 more since the original 2, and I think they are all running TPM software from Intel.

Rutfield's picture

In the few instances we have been able to research, it appears as though they were running older versions (3-4 years) of our software. We recommend going to the Dell site and installing the latest release.

Thank you.

 

Craig Rutfield

VP Engineering

NTRU Cryptosystems, Inc.

Qxstores's picture

It appears that this may occur because one of the files (tcsd_win32.exe) is an older version of the NTRU TCG software stack (TSS). Users need to go to their PC manufacturer's web site for an updated version.

J.B. Bryant's picture

I too noticed that we had over 300 of our client machines in our environment have this issue come up within a day or so. It is probably unrelated, but our email server has been attacked and now our users' email accounts have been spoofed and are constantly sending out mail daemon emails. But what I am trying to figure out is what Cryptosystems is. We do all of the images in our district, and this is nothing that we install in our environment, yet it is on a majority of our machines. We currently have a white box solution, so could someone please explain to me what this program is for? Thanks again.

J.B. Bryant
Technology Specialist (Symantec Administrator)
Nacogdoches Independent School District

Rutfield's picture

The file belongs to a product called the TCG Software Stack (TSS).

It is a library which provides access to the Trusted Platform Module (TPM) chip on the motherboard of many PCs. It is primarily used by security-aware applications, such as Wave's Embassy Trust Suite.

This issue is the result of a very old version of the product and is believed to be a false positive using the latest virus definition files.

One can upgrade by going to the manufacturer's site (e.g. Dell, Lenovo) and installing the latest version.