
Why is WebEx a virus??? (major false positive)

Created: 30 Sep 2011 | 7 comments
TomMLS

Why is 12.x reporting WebEx of all things as a virus????

 

| Computer | User | IP Address | Risk | Risk Type | Risk Count | Date Time | Domain | Server | Group | Action | Source | File / Entry |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CITRIX3 | | | WS.Reputation.1 | Malware | 1 | 09/30/2011 10:37:11 | | | My Company\Servers\Citrix | Quarantined | Auto-Protect | C:\Program Files\WebEx\WebEx\1224\temp19168\pkicrypt.dll |
| CITRIX3 | | | WS.Reputation.1 | Malware | 1 | 09/30/2011 10:36:44 | | | My Company\Servers\Citrix | Quarantined | Auto-Protect | C:\Program Files\WebEx\WebEx\1224\temp19168\cmcrypto.dll |

 

Comments

Rafeeq, 30 Sep 2011

Hi,

That's a genuine file.

Submit to Symantec please. I think the new defs are finding it; it will be fixed in the next virus defs release.

https://submit.symantec.com/false_positive/

Please don't forget to mark your thread solved with whatever answer helped you : ) Rafeeq

TomMLS, 30 Sep 2011

Submitted false positive, sent copy of the email received from SEP server.

Thank you, Tom

Rafeeq, 30 Sep 2011

Hi,

Great! Please keep the forum updated with results.


Mithun Sanghavi, 30 Sep 2011

Understanding.

Hello,

In your case, the files being detected as WS.Reputation.1 are:

C:\Program Files\WebEx\WebEx\1224\temp19168\pkicrypt.dll

C:\Program Files\WebEx\WebEx\1224\temp19168\cmcrypto.dll

They seem to be detected due to having a low reputation score based on analyzing data from Symantec's community of users, and therefore are likely to be security risks.
 

If you believe the file is a false positive AND it is being detected by Symantec Endpoint Protection, I suggest submitting it to our False Positive portal.

Our Security Response team can analyze the file and, if it is a false positive, modify our definitions so we stop detecting it.

Portal URL: https://submit.symantec.com/false_positive/

You could also submit the same file to: http://www.threatexpert.com/submit.aspx

Hope this helps!!

 

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3

Follow me on Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo

Vikram Kumar-SAV to SEP, 30 Sep 2011

WebEx is not a virus; however, it is a security risk, as it is a remote control program like VNC and DameWare.

So based on that it would have got detected. However, it should be detected as Commercial.App

TomMLS, 30 Sep 2011

It shouldn't be detected if it's not causing harm...

Also the above files aren't even excludable because they go into temp folders which change all the time.

Major PITA.

Thank you, Tom

TomMLS, 30 Sep 2011

I excluded the WebEx folder per se from scanning to make this false positive go away...

Thank you, Tom
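
Added example (not part of the thread, and not Symantec or Cisco code): because the flagged DLLs land in temp subfolders whose names change, a per-file path exclusion does not hold, and a folder-wide exclusion covers every DLL under it. This sketch lists each DLL under the WebEx folder with its Authenticode status, signer and SHA-256, so the folder contents can be reviewed and the hashes attached to the false-positive submission. The function name, the output file name and the `-ExpectedSigner` value are assumptions; the root path is taken from the log above.

```powershell
# Added example: function name and parameters are hypothetical, not from SEP or WebEx.
# Requires PowerShell 4.0 or later (Get-FileHash).
function Get-DllTrustReport {
    param(
        [Parameter(Mandatory)] [string] $Root,
        # Text expected in the signer certificate subject.
        # Assumption: supply the publisher name you expect for this software.
        [Parameter(Mandatory)] [string] $ExpectedSigner
    )

    Get-ChildItem -Path $Root -Recurse -Filter *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig     = Get-AuthenticodeSignature -FilePath $_.FullName
            $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

            [pscustomobject]@{
                File    = $_.FullName
                SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                Status  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer  = $subject
                # Trusted only if the signature validates AND names the expected publisher.
                Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
            }
        }
}

# Placeholder signer value: replace with the publisher you expect.
$report = Get-DllTrustReport -Root 'C:\Program Files\WebEx' -ExpectedSigner '<expected publisher name>'

# Anything unsigned, tampered, or signed by someone else deserves a look
# before the whole folder is excluded from scanning.
$report | Where-Object { -not $_.Trusted } | Format-Table File, Status, Signer -AutoSize

# Keep the full list (with hashes) for the false-positive submission.
$report | Export-Csv -Path .\webex-dll-report.csv -NoTypeInformation
```

Files already quarantined will not appear until they are restored, so run it again after the next WebEx session recreates the temp folder.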