Hello Mora
I have same definitons and same version But i downloaded firefox. there is no error.
Maybe exe file take infected from another machine when you are download ?
Thanks

Hi Mora,

Yes we have the same problem on at least 10-20 computers...

Cheers,
Nicke

Same thing here.  Anyone know what's going on with this?  I'm assuming a false positive?  I've had a downloaded version sitting on my pc for a few days and that got picked up as well.  Thanks.

I downloaded the FF 3.5.2 installer weeks ago, and this morning SEP popped up announcing it had been quarantined.  I didn't find anything about this on Mozilla's forums, so I post up an item and linked it back to this forum thread.  I've got to believe it's a false positive on SEP's part.

SEP 11.0.3001.2224, virus definitions 110907ax.

We noticed the same thing and confirmed it's happening on multiple workstations.

Same thing here.  Hopefully some updated defs will be rolled out quickly to address this false positive.

Firefox Setup 3.5.2.exe was removed from my computer as well by Endpoint Protection

Security risk detected: Downloader
Action taken: Cleaned by Deletion
Date found: Tuesday, September 08, 2009  9:19:26 AM
 

We are experiencing the same problem. I am at a College and Faculty and Staff that use Firefox are having the update to 3.52 quarantined as Downloader.

Any Help Symantec?

Mike

I have a case open with them. Feel free to reference it if needed 281-770-188.  The technician was able to reproduce the issue.  Security Response is looking into this now.   More info coming.....

It will be fixed in the next definition update, per Symantec's response to my submission:

We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for Firefox software being detected by Symantec Software. This issue has already been addressed and the next release of definitions will resolve the issue.  

The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at

http://securityresponse.symantec.com/avcenter/defs.download.html.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

Sincerely,

Symantec Security Response

The first sequence which should no longer detect this FirefoxSetup3.5.2.exe file is 100144.  These will appear in the GUI as 08 September 2009 r17.

A check of the most recent sequence on the FTP server shows that this Rapid Release sequence is now available:

ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/sequence

Thanks and best regards,

Mick

For those who wish to use RR defs to avoid this detection straight away, these articles may help:

Applying rapid release definitions to a Symantec Endpoint Protection (SEP) client.

Using Rapid Release virus definitions to update Symantec AntiVirus 10.x or Symantec Client Security 3.x clients and servers

Otherwise, as Andrew stated above, the Certified definitions released later on will include the necessary change. Certified Definitions are the ones normally retrieved by running LiveUpdate.

Thanks and best regards,

Mick

I'd not been so surprised had it detected IE and removed it! LOL