Build process being flagged as a Trojan?

bobbovine · ‎12-06-2010

Insteresting thing just started happening here. I do all my initial captures in a clean VM, that works perfectly fine, however I routinely copy the capture over to my physical machine and finish tweaking it there; it's just faster. Anyway, this morning Symantec Endpoint Protection, our corporate Antivirus started flagging the MSI creation phase of the build process as:

Scan type: Auto-Protect Scan

Event: Risk Found!

Security risk detected: Trojan.Gen.2

File: D:\AppVirt\Appname\bin\tabfa9.tmp

Location: D:\AppVirt\Appname\bin

Computer:

Action taken: Pending Side Effects Analysis : Access denied

Date found: Monday, December 06, 2010 7:51:39 AM

It then proceeds to quarantine the .tmp file, which of course causes the build to fail.

Any idea?

EED · ‎12-15-2010

I can confirm this also. I build my captures on clean VMs and copy to my system for updates and rebuilds just like you do. The last update about 2 weeks ago was fine. Today however after changing one line in the package.ini and rebuilding produces the same Trojan error you are receiving.

This is using Symantec SEP with definitions dated 14 Dec 2010 r24.

In order to complete my build I had to disable SEP temporarily.

Thankfully we will soon be moving away from Symantec as our enterprise AV solution.

All

Build process being flagged as a Trojan?