Endpoint Protection

  • 1.  Symantec executable as Trojan Packed Mew

    Posted Aug 31, 2012 04:32 AM

    This is probably an old issue but still persists.

    Symantec's Sylink Replacer and CleanWipe get detected as Runtime packed mew by AVG.

    Runtime packed is defined as a type of executable compression which, according to Wikipedia, is defined as "any means of compressing an executable file and combining the compressed data with decompression code into a single executable."

    After it finished scanning, it wasn't placed into quarantine, although older versions of AVG did delete or quarantine them, which was an inconvenience when using my USBs on some PCs. My workaround here is to back up these files on multiple PCs (work and home).



  • 2.  RE: Symantec executable as Trojan Packed Mew
    Best Answer

    Posted Aug 31, 2012 04:48 AM

    Seems AV is detecting Sylink Replacer and CleanWipe as a false positive.

    Well... AVG is known for false positives.



  • 3.  RE: Symantec executable as Trojan Packed Mew

    Posted Aug 31, 2012 08:12 AM

    Contact AVG, please; this is a non-Symc issue.



  • 4.  RE: Symantec executable as Trojan Packed Mew

    Broadcom Employee
    Posted Aug 31, 2012 08:47 AM

    Usually one AV detects another AV as a threat.



  • 5.  RE: Symantec executable as Trojan Packed Mew

    Posted Aug 31, 2012 03:37 PM

    Hi,

    Seriously, I would not suggest using a free Antivirus.

    Check this -

    https://www-secure.symantec.com/connect/blogs/how-free-antivirus-software-can-end-costing-you

    I wonder where you would report to?



  • 6.  RE: Symantec executable as Trojan Packed Mew

    Posted Aug 31, 2012 05:36 PM

    Hi, Mon_raralio

    You should contact AVG support. I'll give you an opinion.

    In order to aggravate detection and reduce the size of a file, it might be packed with a runtime packer. Even though some packers are commercially available, many executables compressed with them are malware, or have a behaviour that presents a security or privacy risk.

    Usually these packers employ encryption mechanisms and often manipulate the original executable code to hide the real functionality.

    Legitimate software may employ some of these commercial packers. A packer detection does not necessarily mean that the detected file is malicious.

    A PCK/MEW detected file is most likely not malicious if one or more of the following are true:

    The program is in use for a very long time and is known to the user

    The program was installed by the user himself

    The program comes from a trustworthy source

    hugs