the "technical details" link at the url you cited has:

  Discovered: April 29, 2010
  Updated: April 29, 2010 9:31:22 PM
  Type: Trojan, Virus

  Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
  Windows NT, Windows Server 2003, Windows Vista, Windows XP

  Symantec antivirus products contain a highly sensitive detection
  technology designed to detect entirely new malware threats without
  traditional signatures. This technology is aimed at detecting malicious
  software that has been intentionally mutated or morphed by attackers.

  If one or more files on your computer have been classified as having a
  Suspicious.Emit threat, this indicates that the files have suspicious
  characteristics and therefore might contain a new or unknown threat.
  However, given the sensitive nature of this detection technology, it
  may occasionally identify non-malicious, legitimate software programs
  that also share these behavioral characteristics.  Therefore, it is
  recommended that users manually check all files detected as
  Suspicious.Emit by Symantec antivirus products for potential
  misidentification, and submit any suspect files to Symantec Security
  Response for further analysis. For instructions on how to do this, read
  Submit Virus Samples.

  In rare cases where a legitimate file has been misidentified and
  subsequently quarantined, your computer may behave abnormally or you
  may find that one or more applications no longer function as expected.
  In such rare situations, you should open the Quarantine in your
  Symantec antivirus product.  From here, you may review the list of all
  files detected as Suspicious.Emit and, if you identify a potential
  misidentification, restore the file from quarantine and allow it to run
  normally.

we don't use symantec so I don't know if they would take a submission by us
seriously.
could you submit { awk.exe bc.exe } via "Submit Virus Samples" with a note
that they are mislabeled?

thanks

On Mon, 6 Jun 2011 10:18:04 -0600 Ivan Van Laningham wrote:
> I have four entries in my risk log for Symantec.  One each of Log Only and
> Quarantine for bc.exe and awk.exe.  All four are classed as "Suspicious
> Emit" as defined here:

> http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2010-042920-5108-99&vid=42286

> The Log Only warnings happened at 24 May 0218, and the Quarantine happened
> the same day at 1205.

> Thanks,
> Ivan

> On Thu, Jun 2, 2011 at 7:31 PM, Ivan Van Laningham <[email protected]> wrote:

> > I did get messages telling me which executables were problematic when I
> > logged in that day, but I didn't think to look in the logs.  I'll check
> > tomorrow when I'm at work.
> >
> > Thanks.
> >
> > Metta,
> > Ivan
> >
> >
> > On Thu, Jun 2, 2011 at 5:38 PM, Glenn Fowler <[email protected]> wrote:
> >
> >>
> >> any symantec log messages corresponding to the quarantine?
> >>
> >> On Thu, 2 Jun 2011 17:29:03 -0600 Ivan Van Laningham wrote:
> >> > Symantec enterprise suddenly started classifying these two executables,
> >> > unchanged for months, as virus threats and quarantined them.  Scanning the
> >> > Uwin installer exe does not yield results, but as soon as the installer is
> >> > run, awk and bc are removed as threats.  telnet.exe is also missing, but I
> >> > never received a notice that it was a threat.
> >>
> >> > This began happening on either Monday, 23 May or Tuesday, 24 May.  I believe
> >> > there was a Symantec virus definition update around that time.
> >>
> >> > This is fairly irritating, as corporate security is unwilling to question
> >> > the word of Symantec.  "Ticket: closed.  Resolution: Please find an
> >> > alternate implementation."
> >>
> >> > I'm not the only one on the network to suffer this problem.  Are others out
> >> > there experiencing this?  How about home users of Symantec AV?
> >>
> >>
> >
> >
> > --
> > Ivan Van Laningham
> > God N Locomotive Works
> > http://www.pauahtun.org/
> >
> > http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
> > Army Signal Corps:  Cu Chi, Class of '70
> > Author:  Teach Yourself Python in 24 Hours
> >

> -- 
> Ivan Van Laningham
> God N Locomotive Works
> http://www.pauahtun.org/
> http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
> Army Signal Corps:  Cu Chi, Class of '70
> Author:  Teach Yourself Python in 24 Hours


_______________________________________________
uwin-users mailing list
[email protected]
https://mailman.research.att.com/mailman/listinfo/uwin-users
