Modify

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#9979 closed defect (othersoftware)

Norton Antivirus says Trojan.ADH.SMH in uninstall.exe

Reported by: rudolfdermapper Owned by: team
Priority: major Milestone:
Component: Installer Windows Version: tested
Keywords: Cc:

Description

I downloaded and installed josm version 7000 (7001 version 2014-04025)
from http://josm.openstreetmap.de/download/windows/josm-setup.exe
After Installation Norton Antivirus poppued up and said Trojan.ADH.SMH in c:/program files (x86)/josm/uninstall.exe, blocked, no further action required.

Attachments (0)

Change History (3)

comment:1 by bastiK, 10 years ago

Trojan.ADH.SMH is a feature by Norton that looks for certain suspicious characteristics of files.

From the description page:

If one or more files on your computer have been classified as having a Trojan.ADH.SFC threat, this indicates that the files have suspicious characteristics and therefore might contain a new or unknown threat. However, given the sensitive nature of this detection technology, it may occasionally identify non-malicious, legitimate software programs that also share these behavioral characteristics.

It is very likely that there is nothing wrong with that file, but this is indeed a false alarm. Could you please

  • attach the file c:/program files (x86)/josm/uninstall.exe to this ticket for future reference
  • submit a report that you suspect an erroneous detection. They will (hopefully) double check the file and put it on a white list.

comment:2 by Don-vip, 10 years ago

Resolution: othersoftware
Status: newclosed

I have sent a bug report to Symantec.

comment:3 by Don-vip, 10 years ago

They are asking for more information, could you please tell us your exact version of Norton Antivirus and if the problem's still here with latest definition updates?

Symantec:

In relation to submission 3584099.

Having reviewed the information provided we are unable to reproduce or confirm the issue described.

Please ensure that you are using Symantec's latest virus definitions for detection. These can be found using live update or alternatively via the URL below.
http://securityresponse.symantec.com/avcenter/defs.download.html

If the issue persists with the latest definitions, please respond to this email providing the additional information below in order for us to analyze the problem further:

  • Details of the message or a screenshot of the message received
  • Exact step by step instructions on how to recreate issue
  • Details of the Symantec product and version being used
  • Detection log(s) from the product

If other versions of the file(s) in question have previously triggered false positive detections please mention this in your response and include all available file versions.

Sincerely,
Symantec Security Response
http://securityresponse.symantec.com

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.