Hello Sapien Team and Board Members,
I am receiving what appears to be false positives for the Trojan virus Heur.AdvML.B on the following files:
<primal script install path>\sapien powershell v5 host (windows application) win32.exe
<primal script install path>\sapien powershell v3 host (windows application) win32.exe
<primal script install path>\sapien powershell v2 host (windows application) win32.exe
Product: PrimalScript 2017 64-Bit
Product Version and build: Build 7.3.106
Operating system: Windows 10 Pro 64-Bit Version 10.0.15063
I saw a related article to this on the Forum here: viewtopic.php?f=7&t=11780
My reason for posting is to raise awareness, and provide others using Norton AV to restore their PrimalScript 2017 files. I'm also curious if the Sapien Team has seen false positives on these files with whatever AV scanning is used by your test teams.
To restore the PrimalScript 2017 files, and exclude them from future scans, take the following steps in Norton AV:
1. From the Security History dialog, select and open a file that has been quarantined
2. This opens the File Insight dialog, click the Restore link in the lower right
3. This opens the Quarantine Restore dialog, select the "Exclude this file ID from future scans..." option, and click Yes. This will restore the Sapien PrimalScript 2017 files to the original location.
4. Once this is completed, the files will no longer be quarantined on future scans.
I also submitted the files and detail to Symantec to hopefully get these files logged as false positives in their AV definitions, or perhaps mentioned in a support article.
Thank You,
Paul (a.k.a yamaha04)
Norton Security AV - Trojan Virus Heur.AdvML.B in PrimalScript 2017 files
Forum rules
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
DO NOT POST LICENSE NUMBERS, ACTIVATION KEYS OR ANY OTHER LICENSING INFORMATION IN THIS FORUM.
Only the original author and our tech personnel can reply to a topic that is created in this forum. If you find a topic that relates to an issue you are having, please create a new topic and reference the other in your post.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Re: Norton Security AV - Trojan Virus Heur.AdvML.B in PrimalScript 2017 files
Thank you for submitting the files and providing the steps.
Virus definitions are constantly updated so false-positives will keep popping up every once in a while. Part of the issue could that the executables are not signed, but that a necessity because otherwise you would not be able to sign their own packaged scripts.
Virus definitions are constantly updated so false-positives will keep popping up every once in a while. Part of the issue could that the executables are not signed, but that a necessity because otherwise you would not be able to sign their own packaged scripts.
David
SAPIEN Technologies, Inc.
SAPIEN Technologies, Inc.