JerryS@cat
02-10-2017, 12:30 PM
This is similar to a post I put out here on 11/30/2016. My company is running Symantec EndPoint Protection. For some reason, Symantec has once again placed SB10.exe (SetupBuilder Developer v10 ) into quarantine on my computer, indicating a heuristic threat of SONAR.AM.E!g17. The name of the threat is pointless since it's just a false positive for some reason that only Symantec knows. Anyone wanting to know more information about that heuristic threat, it can be found at https://www.symantec.com/security_response/writeup.jsp?docid=2016-111612-4317-99
Symantec has a web page where false positives can be submitted for "whitelisting" in their definition files. I submitted an entry for SB10.exe, and they will do whatever evaluation tasks it is that they do and get back with me. Last time (in November), they indicated that it was indeed a false positive and were going to whitelist SB10.EXE. So I guess I get to go through this exercise again.
If they come back with anything but a confirmation that this is a false positive, I will post a follow-up to this post.
Jerry Shannon
Senior Technical Analyst
Caterpillar, Inc.
Symantec has a web page where false positives can be submitted for "whitelisting" in their definition files. I submitted an entry for SB10.exe, and they will do whatever evaluation tasks it is that they do and get back with me. Last time (in November), they indicated that it was indeed a false positive and were going to whitelist SB10.EXE. So I guess I get to go through this exercise again.
If they come back with anything but a confirmation that this is a false positive, I will post a follow-up to this post.
Jerry Shannon
Senior Technical Analyst
Caterpillar, Inc.