Forum Support > Software Problems and Questions
Norton detected SAP component
hendy:
Hi Yuki,
Thank you very much for your help to report the false positive of SecureAPlus installer to Norton.
When you reported, we were trying to reproduce it, but we can't, so we are not able to report it to Norton. We are using English version of Norton. I'm not sure whether there is any different.
At the beginning when you reported about the tmp file we don't have idea what happened. After a while, we realized that it may be because when we want to do real time scanning of a file, we make a copy of it as a temp file. At that time it was in plain. In the latest release of SecureAPlus, version 3.3.2, we have encrypted this file. I'm sorry that I haven't updated you about this.
There is still one problem though. The solution that I mentioned above will work if you only use Universal AV to do real-time scanning. When you use ClamAV, it will also create that kind of temporary, which the copy of the file that it scanned, and the content is in plain. So when it is scanning a virus, Norton may also detect that the temp file created by ClamAV is a virus (because it is the plain copy of the file).
Yuki:
The difference might be due to heuristic setting in Norton. I use aggressive heuristics, and when I reported FP to Symantec I also added a note about aggressive setting cuz in a past FP incident they couldn't reproduce it until I reported heuristic setting made a difference.
Now we can't cinfirm this as it is already fixed but if next FP happen, pls remind it. Maybe it's good news as most ppl remain in default setting and won't see FP.
Thanks, happy to hear you now encrypt def files except local AV. As to local AV, ofc I can set exclusion for the folder. But is it hard to encrypt its temp files too? I know ClamAV is open source 3rd party component, but as it is GPL license you can modify/alter it as long as you keep modified version in GPL license as well.
Navigation
[0] Message Index
[*] Previous page
Go to full version