SAPIEN Forums

Alexander Riedel wrote: ↑Mon Oct 09, 2017 1:07 pm If you are not packaging for the target that these products are complaining about, it is not a problem.
You need to contact your antivirus vendor. These files are not infected as far as we can tell. Our anti-virus scanners do not report them as infected and several vendors have already white listed them as we are told. But we cannot submit files ourselves to YOUR anti-virus software vendor.

IMPORTANT: Please read other user's posts and our replies. If you have the same issue, you will get the same reply. We have no control over the way your anti-virus vendor scans for patterns. We cannot submit files to them. We scan our files continuously and we have no indication of an actual verified infection with anything.

That generic reply just tells me this company has little regard for security. "As far as we can tell" is a very poor response without anything more substantial to back it up. More almost a third of the major AV vendors out there are still as of today flagging this as malware, more than a week after it was initially reported. I would think as a software company you would be proactively working with these companies as to WHY they are flagging your software instead of just repeating that the ones you run don't find anything. Have your teams completed code audits to confirm that the current build has no malicious changes that were implemented without knowledge? Case in point - the recent CCleaner malware!

Why would you assume we have not done that? Of course we immediately verified that we have nothing infected. The "As far as we can tell" obviously refers to the often stated "we do not know what you do on your computer". What more substantial would you want to back this up? You are welcome to come by our office and look at the code and the build process yourself, if that is what you need to do.
Our customer's security is quite obviously of our utmost concern.
I can only recommend to contact your anti-virus vendor who has not reacted after more than a week to multiple reports of what obviously is a false positive.
We have contacted ALL anti-virus vendors in this matter. Unfortunately they do not share your or our concern for urgency and rather err on the side of caution. Which we may not like, but if you have more than 'little regard for security' you can probably understand that.

I am getting the same notification from Trend Micro Office Scan (Pattern File 13.709.00)

File Name Threat File Path
SAPIEN PowerShell V2 Host (Windows Application) Win32.engine TROJ_GEN.R002C0PJ817 C:\Program Files\SAPIEN Technologies, Inc\PowerShell Studio 2017\ScriptEngines\

We are aware, thanks. A good number of these AV engines report different problems with the same file, which is generally a good indication for a false positive.
However that is never a reason to be complacent. You should always check with your AV provider.
We are working on the problem from our end, as mentioned before.