Endpoint Protection

  • 1.  New Computrace in new Dell BIOS making SEP angry?

    Posted Jun 04, 2015 12:56 PM

    I updated a few Dell E6440's to BIOS A12, released a few days ago, and SEP now swears that \windows\system32\rpcnetp.exe is infected with http://www.symantec.com/security_response/writeup.jsp?docid=2013-041522-2144-99 until suitably updated virus definitions are available, then it's clean until the next day. Downgrading to BIOS A11 causes a smaller rpcnetp.exe (part of Computrace) to be regenerated. It appears that Symantec is working on the problem, given the Rapid Release version updates, but it was concerning to me until I figured out what was going on. Can anyone confirm my diagnosis?

    Computrace is integrated into the BIOS and installs itself into Windows to help track down stolen laptops. It's deliberately hard to remove. I'm told we've made use of it a few times.



  • 2.  RE: New Computrace in new Dell BIOS making SEP angry?

    Posted Jun 04, 2015 01:02 PM

    You should submit a false positive report

    https://submit.symantec.com/false_positive/



  • 3.  RE: New Computrace in new Dell BIOS making SEP angry?

    Posted Jun 04, 2015 01:33 PM

    It looks like they're making progress. Now it's just the rpcnetp.exe in \windows\syswow64 being reported as the more generic http://www.symantec.com/security_response/writeup.jsp?docid=2010-090200-2232-99. It used to flag both as infected.



  • 4.  RE: New Computrace in new Dell BIOS making SEP angry?

    Posted Jun 04, 2015 01:40 PM

    It's a false positive it looks like. You may want to log a case with them.