Symantec Antivirus Alerts for Heur.AdvML.B on Script Engines

This topic is 6 years and 7 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by gareth.jacobs »

Product, version and build: PowerShell Studio 2017 v5.4.143
32 or 64 bit version of product: 64
Operating system: Windows 10 Build 14393
32 or 64 bit OS: 64

Symantec Antivirus just issued the following Heur.AdvML.B alert on the Script Engine:

Scan type: Auto-Protect Scan
Event: Risk Found!
Security risk detected: Heur.AdvML.B
File: "C:\Program Files\SAPIEN Technologies, Inc\PowerShell Studio 2017\ScriptEngines\SAPIEN PowerShell V2 Host (Windows Application) Win32.exe"
Location: C:\Program Files\SAPIEN Technologies, Inc\PowerShell Studio 2017\ScriptEngines
Computer: ************
User: SYSTEM
Action taken: Pending Side Effects Analysis : Access denied
Date found: Thursday, 10 August 2017 7:50:49 AM

Here is the Engine and Definition information:

Engines
-------
Common Client: 13.2.0.246
LiveUpdate: 2.4.0.26
SymEvent: 14.0.3.1
Auto-Protect Kernel Driver: 15.0.5.11
Auto-Protect User Mode Interface: 15.0.5.15
Decomposer: 2.3.5.10
Power Eraser Engine: 5.1.0.48
Endpoint Detection and Response Framework: 1.0.0.2730
Endpoint Detection and Response Engine: 1.0.0.3006
Eraser: 117.2.0.45
SONAR Framework: 10.1.1.52
SONAR Engine: 11.2.0.203
Intrusion Protection Framework: 15.2.2.22
Intrusion Protection Engine: 15.2.5.21
Intrusion Protection Browser Engine: 15.2.5.21


Definitions
-----------
Virus & Spyware SDS (Reduced): 170809001 (10/08/2017 07:58)
Portal List: 170329017 (10/08/2017 07:58)
Whitelist: 170809003 (10/08/2017 08:09)
Revocation List: 170809006 (10/08/2017 07:58)
Reputation Settings: 170510021 (10/08/2017 07:58)
Power Eraser: 161121023 (10/08/2017 07:58)
Endpoint Detection and Response: 170413014 (10/08/2017 07:58)
SONAR: 170731001 (10/08/2017 07:58)
Intrusion Protection: 170808021 (10/08/2017 07:58)
Host Integrity: 151028001 (Never)
SCD: 170213019 (10/08/2017 07:58)
EFA Signatures: 170809016 (10/08/2017 08:09)
Common Network Transport Library and Configuration: 170623008 (10/08/2017 07:58)
Client Security Updates: 234882928 (10/08/2017 07:58)

Re: Symantec Antivirus Alerts for Heur.AdvML.B on Script Engines

Post by Alexander Riedel »

You need to submit the affected files to your anti-virus vendor. While we continuously scan our software and this is very likely once again a Symantec issue and a false positive, we cannot know what happens on your machine.
Please understand that we cannot submit our files to Symantec to clear this up; they need to come from you.
Alexander Riedel
SAPIEN Technologies, Inc.