virus alert!

virus alert!

Postby hepek » Wed 17 Sep 2014 14:33

I downlodaed the latest dbForge software from VS (Fusion->Oracle->Check for updates)
the file downloaded is dbforgeoracle36vs10std.exe.

during the installation I got a virus alert from my Symantec Endpoint Protection.
the file infected is:
C:\ProgramData\Devart\dbForge Fusion for Oracle\Visual Studio\Uninstall\is-QMDOI.tmp

here is more details about threat:
http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2008-121617-3748-99&vid=23922

I also noticed that some of your setup files are not signed, why is that?

please advice
thank you
hepek
 
Posts: 115
Joined: Thu 07 Jul 2011 13:59

Re: virus alert!

Postby alexa » Thu 18 Sep 2014 17:03

This is a known issue of Symantec falsely detecting dbForge as a suspicious software.

We reported this false-positive detection to Symantec earlier.

Currently, we suggest you to disable Symantec while installing dbForge or to add products to Symantec's exception list.

We do confirm that the files downloaded from Registered User's Area or http://www.devart.com/ do not contain any malware, so you can run the files downloaded from the websites with no risk.
alexa
Devart Team
 
Posts: 2170
Joined: Fri 24 Jun 2011 14:17

Re: virus alert!

Postby kmdavisjr » Mon 22 Dec 2014 01:20

Yep, I got it as well. Remove it from quarantine and exclude it. It is being identified because of NIS heuristics. Essentially, because not many NIS users have this file on their system and the file is new, the algorithm assumes it is a virus. I have submitted this as well. Hope Symantec adds it to their white list, because the false positive is kind of annoying.
kmdavisjr
 
Posts: 5
Joined: Tue 05 Feb 2013 16:31

Re: virus alert!

Postby .jp » Mon 22 Dec 2014 08:10

Hi!
Symantec replied us and confirmed that the misleading virus detection of our tool will be fixed in one of the next update of their software (or their virus database).
Best Regards.
.jp
Devart Team
 
Posts: 303
Joined: Wed 09 Sep 2009 06:55
Location: devart

Re: virus alert!

Postby kmdavisjr » Mon 22 Dec 2014 17:40

FYI

---------- Forwarded message ----------
From: <falsepositives@symantec.com>
Date: Dec 22, 2014 2:42 AM
Subject: [No Reply] False Positive submission (3691884)
To:
Cc:

In relation to submission [3691884].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

C23FCCC227E6031A2AFD64E82BC4A2A2 - updatesystem.exe


The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
kmdavisjr
 
Posts: 5
Joined: Tue 05 Feb 2013 16:31

Re: virus alert!

Postby alexa » Tue 23 Dec 2014 09:21

Thank you for letting us know this.
alexa
Devart Team
 
Posts: 2170
Joined: Fri 24 Jun 2011 14:17


Return to dbForge for Oracle