Menu

#79 Symantec Endpoint Protection False Positive PUA

none
open
nobody
None
medium
2017-07-04
2017-05-29
Dave Mariano
No

winexe is being detected as a potentially unwanted program by Symantec Endpoint protection.

There are two PUA's related to winexe in Symatec's PUA database:

  1. PUA.Winexe!g1 (www.symantec.com) - Referring to winexesvc.exe on Windows.
  2. PUA.Winexe (www.symantec.com) - Referring to the Linux winexe client.

This is preventing the use of winexe in certain environments. May you report this as a false positive?
https://submit.symantec.com/false_positive/

Discussion

  • Dean Williams

    Dean Williams - 2017-05-30

    Just to add to this, here's what Symantec are saying about winexe:

    Files that are detected as PUA.Winexe!g1 are considered malicious. If you have reason to believe that your files are incorrectly detected by Symantec products, you can submit them to Symantec Security Response for further analysis.

     

  • Tom Dexter

    Tom Dexter - 2017-07-04

    I hope that at some point, someone directly involved with the winexe project will submit a false positive report to Symantec on this if that hasn't happened yet. It appears that many (if not most) virus scan products have followed Symantec's lead on this one.

     

Log in to post a comment.

MongoDB Logo MongoDB