Re: Suspicious.Cloud again..
Hello,
The SB compiler generates unique binaries and the Microsoft Authenticode code-signing process modifies the binaries again. There is no "standard" SB uninstall. It is compiled and code-signed on-the-fly.
BTW, this is not related to SetupBuilder and there is absolutely nothing we can do. It's a Symantec false-positive bug and so only Symantec can fix it in their system.
http://www.symantec.com/connect/forums/suspiciouscloud
http://www.symantec.com/security_res...136-99&tabid=2
http://community.norton.com/t5/Norto...2/td-p/1045187
Friedrich
Re: Suspicious.Cloud again..
Some additional information:
Also, a totally new project (no files included) built with SetupBuilder is sent directly to quarantine:
"Suspicious.Cloud.5.A","Your Project Name-2.exe","C:\Users\IBM_ADMIN\Documents\SetupBuilder Projects\Your Project Name-3\","Infected","20.02.2014 14:21"
(Project Attached)
Regards
Thomas
Re: Suspicious.Cloud again..
Wrong newsgroup <g>. You have to report this bug to Symantec !!! ;-) It's their false-positive bug. There is absolutely nothing we (or you) can do if a specific combination of bytes in a Windows executable or a database (the file you posted is a TopSpeed database file) gives a false-positive warning.
Friedrich
Re: Suspicious.Cloud again..
If an empty project is causing the heuristic scan to detect the built
setup executable and send it to quarantine, I don't think you can
just put this problem onto your customers.
I think you also have to contact Symantec to make sure they do not
detect the setup files as a virus risk.
Thomas
Re: Suspicious.Cloud again..
BTW, compiled your project and let VirusTotal check it:
https://www.virustotal.com/en/file/b...is/1392906752/
Friedrich
Re: Suspicious.Cloud again..
I know, VirusTotal does not seem to do the heuristic scan for Suspicious.Cloud.
I have already checked.
Re: Suspicious.Cloud again..
Sorry, this is seriously not related to SetupBuilder at all !!!
Here is the test result from your original project file compiled into a .exe:
https://www.virustotal.com/en/file/b...is/1392906752/
Not sure what else I can tell you. We can't do anything to fix this Symantec bug.
Friedrich
Re: Suspicious.Cloud again..
It is serious, because IBM will not change their virus scanner company-wide
because of one failing installation builder.
Re: Suspicious.Cloud again..
Huh??? Sorry, but this has absolutely NOTHING to do with SetupBuilder. The SetupBuilder compiler generates native Windows binary files. If a specific combination of bytes in your generated executable or binary file causes a false-positive alert then only Symantec can fix the bug in their system. There is nothing that you or we can do here. For example, if code-signing with your own code-signing certificate embeds a specific combination of bytes into a binary and this triggers the false-positive then there is nothing that you can do to find out what specific combination of bytes causes this nor can you do anything to change this in your own files. Symantec has to fix it !!!
Friedrich