UpdateSystem.exe for 6.3.358 Triggers Antivirus
Posted: Fri 05 Jun 2015 00:21
Hi,
Like many good corporate citizens (I suppose) I am obliged to run Symantec Endpoint Protection at all times, and between dbFS for MySQL 6.3.341 and 6.3.358 something appears to have changed in the UpdateSystem.exe file (or it is new), and Symantec now identifies it as security risk MH690 (see below), whereas it was entirely happy with build 341.

Several seconds later, this Symantec window pops up.

Upon searching for MH690, I found this in a Symantec forum at http://www.symantec.com/connect/forums/ ... risk-found
I cannot, of course, submit your files to any third party, so I am hoping you will.
dbForge Studio for MySQL "completes" its installation, and appears to run the GUI despite that file being quarantined.
But since I do not know what the file was intended for, I cannot trust that the installation is valid, nor that in its incomplete state it will not accidentally destroy aspects of our production databases. Therefore, it is too risky to open any of our databases in any regard with either of the available 6.3 builds we have paid for.
Help and advice, please? I am *really* looking forward to being able to use 6.3 some time soon.
Regards, KiwiJem
My corporate IT team are not permitted to turn antivirus off, and the changed dbFS product will not completely install, due presumably to a self-modifying code technique which was hopefully implemented for good and benign purposes.

Suspicious.MH690 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.
I would suggest you submit these files to the Symantec Security Response Team at
https://submit.symantec.com/essential
I would also suggest opening a case with Symantec and providing us with the tracking number of that submission.
Once the Symantec Security Response Team has checked the file, they can say whether it is a false positive or not.
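Before a quarantined installer component like UpdateSystem.exe is submitted to Symantec (or trusted at all), the practical check is to record its SHA-256, verify its Authenticode signature, and find out whether the binary actually changed between the build SEP accepted (6.3.341) and the flagged one (6.3.358). The script below is an added example, not code from this thread or from Devart; the installer paths, the function name Get-SuspectFileReport and the expected publisher string 'Devart' are placeholders that must be checked against the real files and the real signing certificate. Note that Suspicious.MH690 is a heuristic that fires on how code is built (packing, self-modification), so a valid vendor signature does not prove the file benign; it does show that the file is the vendor's own build rather than a substituted one, which is what makes the submission meaningful.

```powershell
# Added example, not code from the thread or from Devart. Paths and the expected
# publisher string are placeholders; the vendor's real certificate subject must be
# checked before relying on the SignerMatches field.
function Get-SuspectFileReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedPublisher = 'Devart'   # assumed; verify against the real signer subject
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "File not found: $Path (a quarantined file must be restored to an isolated folder first)"
    }

    # SHA-256 is what submission portals and sandboxes key on; it also lets you compare
    # the component across builds without running anything.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Authenticode check. A heuristic such as Suspicious.MH690 fires on how the code is
    # built, so a valid signature does not prove the file is benign; it does show the
    # file is the vendor's own build and not a tampered or substituted binary.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    [pscustomobject]@{
        Path            = $Path
        SizeBytes       = (Get-Item -LiteralPath $Path).Length
        SHA256          = $hash.Hash
        SignatureStatus = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
        StatusMessage   = $sig.StatusMessage
        Signer          = $signer
        SignerMatches   = ($sig.Status -eq 'Valid') -and ($signer -like "*$ExpectedPublisher*")
    }
}

# Usage (placeholder paths): report on the flagged 6.3.358 component and, if a copy of
# the 6.3.341 component exists, check whether the binary actually changed between builds.
$flagged = Get-SuspectFileReport -Path 'C:\Installers\6.3.358\UpdateSystem.exe'
$flagged | Format-List

$previous = 'C:\Installers\6.3.341\UpdateSystem.exe'
if (Test-Path -LiteralPath $previous) {
    $old = Get-SuspectFileReport -Path $previous
    if ($old.SHA256 -eq $flagged.SHA256) {
        'Same binary in both builds: the detection changed on the Symantec side, not the file.'
    } else {
        'Different binary: the 6.3.358 component is new or rebuilt; include both hashes in the submission.'
    }
}
```

Run it from a host where the file has been restored from quarantine into an isolated folder rather than executed; the report (hash, signature status, signer subject) is exactly what a Symantec case needs, and a SignatureStatus other than Valid on a vendor-shipped binary is itself a reason to stop and ask the vendor before going further.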