Endpoint Protection

 View Only

  • 1.  Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 11:04 AM

    Why is 12.x reporting WebEx of all things as a virus????

     

    Computer
    User
    IP Address

    Risk
    Risk Type

    Risk Count

    Date Time

    Domain
    Server
    Group

    Action
    Source

    File / Entry

    CITRIX3
     

    WS.Reputation.1
    Malware

    1

    09/30/2011 10:37:11

     
    My Company\Servers\Citrix

    Quarantined
    Auto-Protect

    C:\Program Files\WebEx\WebEx\1224\temp19168\pkicrypt.dll

    CITRIX3
     

    WS.Reputation.1
    Malware

    1

    09/30/2011 10:36:44


    My Company\Servers\Citrix

    Quarantined
    Auto-Protect

    C:\Program Files\WebEx\WebEx\1224\temp19168\cmcrypto.dll

     



  • 2.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 11:12 AM

    thats a genuine file

    Submit to symantec please, I think the new defs is find it ; will be fixed in next virus defs release

    https://submit.symantec.com/false_positive/



  • 3.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 11:24 AM

    Submitted false positive, sent copy of the email received from SEP server.

    Thank you, Tom



  • 4.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 11:36 AM

    Great! Please keep the forum updated with results, 



  • 5.  RE: Why is WebEx a virus??? (major false positive)

    Trusted Advisor
    Posted Sep 30, 2011 12:36 PM

    Hello,

    In your case, the Files being detected as WS.Reputation.1 which are being detected are :

    C:\Program Files\WebEx\WebEx\1224\temp19168\pkicrypt.dll

    C:\Program Files\WebEx\WebEx\1224\temp19168\cmcrypto.dll
     
    seems to be detected due to having a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. 
     

    If you believe the file is a false positive AND it is being detected by a Symantec Endpoint Protection, I suggest submitting it to our False Positive portal.

    Our Security Response team can analyze the file and, if it is a false positive, modify our definitions so we stop detecting it.

    Portal URL: https://submit.symantec.com/false_positive/

    Could also submit the same file to: http://www.threatexpert.com/submit.aspx

    Hope this helps!!

     


  • 6.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 12:48 PM

    Webex is not a Virus however it is a Security Risk. As it is a Remote Control program like VNC and dameware.

    So based on that it would have got detected.However it should be detected as Commercial.App



  • 7.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 01:48 PM

    It shouldn't be detected if it's not causing harm...

    Also the above file aren't even excludable because they go into temp folders which change all the time.

    Major PITA.

    Thank you, Tom



  • 8.  RE: Why is WebEx a virus??? (major false positive)

    Posted Sep 30, 2011 01:52 PM

    I excluded the WebEx folder per se from scanning to make this false positive go away...

    Thank you, Tom