virus alert!

Discussion of open issues, suggestions and bugs regarding database management and development tools for Oracle
Post Reply
hepek
Posts: 126
Joined: Thu 07 Jul 2011 13:59

virus alert!

Post by hepek » Wed 17 Sep 2014 14:33

I downlodaed the latest dbForge software from VS (Fusion->Oracle->Check for updates)
the file downloaded is dbforgeoracle36vs10std.exe.

during the installation I got a virus alert from my Symantec Endpoint Protection.
the file infected is:
C:\ProgramData\Devart\dbForge Fusion for Oracle\Visual Studio\Uninstall\is-QMDOI.tmp

here is more details about threat:
http://securityresponse.symantec.com/se ... &vid=23922

I also noticed that some of your setup files are not signed, why is that?

please advice
thank you

alexa

Re: virus alert!

Post by alexa » Thu 18 Sep 2014 17:03

This is a known issue of Symantec falsely detecting dbForge as a suspicious software.

We reported this false-positive detection to Symantec earlier.

Currently, we suggest you to disable Symantec while installing dbForge or to add products to Symantec's exception list.

We do confirm that the files downloaded from Registered User's Area or http://www.devart.com/ do not contain any malware, so you can run the files downloaded from the websites with no risk.

kmdavisjr
Posts: 5
Joined: Tue 05 Feb 2013 16:31

Re: virus alert!

Post by kmdavisjr » Mon 22 Dec 2014 01:20

Yep, I got it as well. Remove it from quarantine and exclude it. It is being identified because of NIS heuristics. Essentially, because not many NIS users have this file on their system and the file is new, the algorithm assumes it is a virus. I have submitted this as well. Hope Symantec adds it to their white list, because the false positive is kind of annoying.

.jp
Devart Team
Posts: 345
Joined: Wed 09 Sep 2009 06:55
Location: devart

Re: virus alert!

Post by .jp » Mon 22 Dec 2014 08:10

Hi!
Symantec replied us and confirmed that the misleading virus detection of our tool will be fixed in one of the next update of their software (or their virus database).
Best Regards.

kmdavisjr
Posts: 5
Joined: Tue 05 Feb 2013 16:31

Re: virus alert!

Post by kmdavisjr » Mon 22 Dec 2014 17:40

FYI

---------- Forwarded message ----------
From: <[email protected]>
Date: Dec 22, 2014 2:42 AM
Subject: [No Reply] False Positive submission (3691884)
To:
Cc:

In relation to submission [3691884].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

C23FCCC227E6031A2AFD64E82BC4A2A2 - updatesystem.exe


The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/av ... nload.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

alexa

Re: virus alert!

Post by alexa » Tue 23 Dec 2014 09:21

Thank you for letting us know this.

Post Reply