Page 2 of 3
Posted: Fri Jan 04, 2013 4:38 am
All our software is scanned for viruses and trojans before it gets uploaded to our servers. The file in question is not infected with anything, its just a false positive from the simple pattern based scanner some of these products use.
Submit the quarantined file to whoever your anti-virus software vendor is for verification and ask them to update their databases.
Posted: Fri Jan 04, 2013 5:09 am
To double check I installed the version from our server on a fresh VM and scanned with the latest Microsoft Safety Scanner. No infections of any kind are found.
Posted: Fri Jan 04, 2013 5:16 am
Do you have any other virus scanners you can try? People here are reporting this issue with more than one virus scanning product. It doesn't seem right that you will leave it up to your customer base to fix the problem. I definitely don't have time to fix this for Sapien and my job depends on your product.
If Sapien is unwilling to fix this problem, then 6.5.137 is the last update I will install until I can update without Symantec interfering. If this persists, then the bottom line is that you just lost a customer.
Posted: Fri Jan 04, 2013 5:51 am
I understand that you are frustrated by this, but we have no influence over Symantec or other anti-virus software vendors. We have tried to talk to Symantec in the past and their position is that they don't talk to vendors, only to their customers.
I don't quite understand why you accuse us of being "unwilling to fix this problem".
There is no actual problem as demonstrated by Microsoft's scanner and I am not sure what you would have us do anyway. We can recompile the entire product and repackage it and that will just result in the very same files.
These false positives happen all the time with any number of products. The thread you have jumped on here is from August and for a different version. Some vendors, like F-Secure, have updated their databases since then. Symantec hasn't.
FYI, neither TrendMicro nor AVG find any problems either.
Posted: Fri Jan 04, 2013 5:56 am
I have to add that we do not know if the files on your computer got infected while or after installation on your machine. So it is ALWAYS the best course of action to check the files on your local machine with your anti-virus software vendor.
Posted: Fri Jan 04, 2013 6:10 am
I'm running a full scan right now. I ran a full scan on Jan 2 so I don't think that my computer is infected and I'm not in the habit of web surfing at work so I doubt I encountered this issue because I picked up a virus. When IE completes a download, it runs a security scan on the downloaded executable and nothing was detected there. Only when I execute the update is when I encounter this.
Thanks for checking with other scanners as well. I appreciate the fact you went the extra mile on this! It kind of narrows down the issue.
I guess I just have to live with this as is or go to another product that doesn't produce false positives. I honestly don't have time to deal with Symantec on this. Their customer service is not so great and a lot of time will be wasted on the phone while trying to deal with them.
Hopefully future PrimalScript updates will go back to the way they were previously, no threats detected. I don't know what changed but I have installed every update released and this is the first time I have seen this.
Posted: Fri Jan 04, 2013 6:12 am
You can submit the files here: https://submit.symantec.com/false_positive/
It requires data from YOUR scan on your machine and your software version.
Posted: Fri Jan 04, 2013 6:19 am
Thanks for your help! I made a submission to Symantec. Unfortunately, I have discovered that I cannot install any version of PrimalScript. They must have published an update recently that is now causing this problem.
As a workaround, I disabled Symantec temporarily and was able to install without any issues.
I hope their turnaround is reasonable. Scripting with Notepad after using PrimalScript would be extremely depressing!
Posted: Fri Jan 04, 2013 7:42 am
I made a submission just now as well. I'm using PowerShell Studio 2012, version 22.214.171.124
AV = Symantec Endpoint Protection v12.1.1101.401 (RU1 MP1)
I wasn't installing anything or even using the product, the backround scanner must have just done a sweep of the directory and flagged/quarantined the PoshExeHostForms.exe file.
There's an update, 126.96.36.199 of PowerShell Studio that i'd like to apply, but i'll just wait on Symantec's response.
Posted: Fri Jan 04, 2013 7:48 am
If you temporarily disable Symantec, you should be able to install without any problems. It worked for me.