How to make an app - Andromo App Maker

Announcement

Collapse
No announcement yet.

Symantec identifying setup.exe as Trojan.StartPage

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Symantec identifying setup.exe as Trojan.StartPage

    Symantec virus definitions from 19/April/2006 are identifying all my setup.exe build with Setup Factory 7.0.4.0 as a Trojan.StartPage.

    I'm sure it's just a mistake from Symantec, but please hurry contacting them and solving the issue! All my clients are getting the setup.exe deleted when they download my products from the Internet!

  • #2
    I have the same problem. In the mean time anyone can submit this false alarm to Symantec website at:
    https://submit.symantec.com/false_positive/index.html

    The more we submit it, the faster they solve it.

    Thanks

    Comment


    • #3
      We will contact them today as well. However, astrahhan is right, the more of you that submit the false positive the better.

      Comment


      • #4
        same here

        Just had one reported by a customer. I will also submit.

        Comment


        • #5
          Could you please clarify:

          is the false postitive for the COMPILED SETUP.EXE
          or when the IRSETUP.EXE is created or when it is extracted-run.

          What version-s of Symantec Product-s(with the AV components) are running.

          many thanks
          Martin.

          Comment


          • #6
            We had this same issue yesterday. It caused quite a stir because we weren't sure if it was a false positive or not. We ended up going into lockdown mode until it could be verified as a false positive or not.

            I have submitted the false positive to symantec. Hopefully they will get it fixed soon.

            Comment


            • #7
              I have Norton AV Professional 10.0.1.13 with definitions dated 19.04.2006
              But scanning my setups (not named setup.exe, if this matters) does not bring any alert or whatever. Also running the setups does not bring any alerts.
              However my last setup was generated on March 7, i'm not sure if I had SF 7.0.3 or 7.0.4 at that time.

              Comment


              • #8
                Has anyone confirmed this for a setup built with 7.0.5.1? or is it always 7.0.4.0? I encourage everyone and their dogs to submit this to Symantec using the above link. We are also trying to contact them through other channels but they are not the easiest company to get a hold of.

                Please note that this is a FALSE POSITIVE! There is no malware in Setup Factory.

                Thank you for your time, patience and understanding

                Adam Kapilik

                Comment


                • #9
                  Hi Adam, fwiw I have tested SUF70 v7.0.5.1 with NAV versions 8x , 9x, 10x
                  with the Symantec 19\04\2006 av definitions..with NO ISSUES.

                  BTW: 7.0.4.0 'setup.exe' with above NAV versions: NO ISSUES at my end

                  I have emailed several priority clients who I know are running NAV v11x or later,
                  requesting them to reply and to submitt to Symantec if issues.

                  "setup.exe's" created with 7.0.4.0 and updates created with 7.0.5.1
                  no client emails to date...

                  I have requested them to disable NAV auto-protect from the system tray or NAV settings,
                  if running a SUF70 created 'setup.exe' with a NAV FALSE POSITIVE detection issue.
                  Last edited by Eagle; 04-21-2006, 10:00 AM.

                  Comment


                  • #10
                    Thank you very much for the information. The more noise that people can make about this the quicker Symantec will respond.

                    Adam Kapilik

                    Comment


                    • #11
                      The problem occurs with the compiled setup.exe. Setups build with 7.0.5.1 don't seem to have the problem. I tested Symantec Corporate 9 and 10, also Norton 2005 and 2006 and they all had the same problem. This means the problem is with the definitions, not the anti-virus engine.

                      Comment


                      • #12
                        Thanks for the info .. :yes

                        makes me continue to wonder how much testing on 'sfx headers' and the like that
                        Symantec actually do before releasing av defs - trojan sigs etc.
                        Last edited by Eagle; 04-21-2006, 10:42 AM.

                        Comment


                        • #13
                          What I find problematic is not that a bug showed up, but how long it takes them to fix it. I contacted Symantec by email (got an email back saying I would get an answer in 2-3 days) and by false positives web form (got an email saying it might take up to 4 WEEKS to solve the false positive). Bugs like this should be solved within 24 hours at the very most!

                          Comment


                          • #14
                            Well folks I just spent 1 hour going through the channels of Symantec. I hit a wall eventually.

                            the ONLY way for us to get through to their developers is if one of our customers who has a Gold Support package for the enterprise version of Norton AV to start a support case and then tell Symantec that we (IndigoRose) is going to speak on their behalf.

                            The number to get the ball rolling on this is: (800) 927-4017 which will get to level 1 support. If they cannot solve the problem (which they won't be able to) then we will get elevated to level 2 which could potentially be able to put us in contact with their developers.

                            Now needless to say we are not happy with this process but if anyone could help it would be much appreciated. Also the office that we need to get in touch with is open Mon-Fri 9am-5pm Pacific time so we are on a tight timeline here to begin with.

                            If you can help then please call our sales line and ask for Adam.

                            Sincerely,

                            Adam Kapilik

                            Comment


                            • #15
                              That is beyond foul.

                              Comment

                              Working...
                              X