Symanec Protection Suites

Hi,

I am needing some advice regarding false detection of a file.

The file is temporarily created by an Inventory tool (Peregrine Desktop Inventory) which runs once a month on all workstations. The first time this was detected was this month 01/09/2010, however the application has been in use for years, so I am sure it relates to definition file updates.

The file which is detected as a risk and deleted is fpnthw.sys. This can be located on workstations under C:\Documents and Settings\Username\Local Settings\Temp\ 

I have attempted to add an exclusion on SAV 10.1.6.6000, however there appears to be only two options. Either add the extension (.sys) or the folder path (C:\Documents and Settings\Username\Local Settings\Temp\) to the exceptions. Unfortunately a specific file cannot be added on its own, and wildcards may not be used. This creates a larger problem which leaves room for other possible threats.
 
Would it be possible to get Symantec to exclude this file from the definitions if we provide them with a copy?

I believe this also affects a different version of the Anti-Virus and SEP.



Regards

Barry

Please see the

"Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe"

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2010010319585948

There is a known issue when you run any Peregrine Desktop Inventory or some other Peregrine tool.

 

Would it be possible to get Symantec to exclude this file from the definitions if we provide them with a copy?

 

As Cycletech rightly suggested please follow the mentioned document.