I can't submit them from work; the enterprise version quarantines them the instant I try to install or unpack them. I'm also not allowed to mark files as safe or to move them out of quarantine.
I'm running a different version at home, so I need to know how to unpack these files from the installer. If I can pull them out of the installer, I can submit them at home.

Metta,
Ivan

On Mon, Jun 6, 2011 at 10:38 AM, Glenn Fowler <g...@research.att.com> wrote:

>
> the "technical details" link at the url you cited has:
>
> Discovered: April 29, 2010
> Updated: April 29, 2010 9:31:22 PM
> Type: Trojan, Virus
>
> Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me,
> Windows NT, Windows Server 2003, Windows Vista, Windows XP
>
> Symantec antivirus products contain a highly sensitive detection
> technology designed to detect entirely new malware threats without
> traditional signatures. This technology is aimed at detecting malicious
> software that has been intentionally mutated or morphed by attackers.
>
> If one or more files on your computer have been classified as having a
> Suspicious.Emit threat, this indicates that the files have suspicious
> characteristics and therefore might contain a new or unknown threat.
> However, given the sensitive nature of this detection technology, it
> may occasionally identify non-malicious, legitimate software programs
> that also share these behavioral characteristics. Therefore, it is
> recommended that users manually check all files detected as
> Suspicious.Emit by Symantec antivirus products for potential
> misidentification, and submit any suspect files to Symantec Security
> Response for further analysis. For instructions on how to do this, read
> Submit Virus Samples.
>
> In rare cases where a legitimate file has been misidentified and
> subsequently quarantined, your computer may behave abnormally or you
> may find that one or more applications no longer function as expected.
> In such rare situations, you should open the Quarantine in your
> Symantec antivirus product. From here, you may review the list of all
> files detected as Suspicious.Emit and, if you identify a potential
> misidentification, restore the file from quarantine and allow it to run
> normally.
>
> we don't use symantec so I don't know if they would take a submission by us
> seriously
> could you submit { awk.exe bc.exe } via "Submit Virus Samples" with a note
> that they are mislabeled
>
> thanks
>
> On Mon, 6 Jun 2011 10:18:04 -0600 Ivan Van Laningham wrote:
> > I have four entries in my risk log for Symantec. One each of Log Only and
> > Quarantine for bc.exe and awk.exe. All four are classed as "Suspicious
> > Emit" as defined here:
> >
> > http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2010-042920-5108-99&vid=42286
> >
> > The Log Only warnings happened at 24 May 0218, and the Quarantine happened
> > the same day at 1205.
> >
> > Thanks,
> > Ivan
> >
> > On Thu, Jun 2, 2011 at 7:31 PM, Ivan Van Laningham <ivanl...@gmail.com> wrote:
> >
> > > I did get messages telling me which executables were problematic when I
> > > logged in that day, but I didn't think to look in the logs. I'll check
> > > tomorrow when I'm at work.
> > >
> > > Thanks.
> > >
> > > Metta,
> > > Ivan
> > >
> > >
> > > On Thu, Jun 2, 2011 at 5:38 PM, Glenn Fowler <g...@research.att.com> wrote:
> > >
> > >>
> > >> any symantec log messages corresponding to the quarantine?
> > >>
> > >> On Thu, 2 Jun 2011 17:29:03 -0600 Ivan Van Laningham wrote:
> > >> > Symantec enterprise suddenly started classifying these two executables,
> > >> > unchanged for months, as virus threats and quarantined them. Scanning the
> > >> > Uwin installer exe does not yield results, but as soon as the installer is
> > >> > run, awk and bc are removed as threats. telnet.exe is also missing, but I
> > >> > never received a notice that it was a threat.
> > >>
> > >> > This began happening on either Monday, 23 May or Tuesday, 24 May. I believe
> > >> > there was a Symantec virus definition update around that time.
> > >>
> > >> > This is fairly irritating, as corporate security is unwilling to question
> > >> > the word of Symantec. "Ticket: closed. Resolution: Please find an
> > >> > alternate implementation."
> > >>
> > >> > I'm not the only one on the network to suffer this problem. Are others out
> > >> > there experiencing this? How about home users of Symantec AV?
> > >>
> > >>
> > >
> > >
> > > --
> > > Ivan Van Laningham
> > > God N Locomotive Works
> > > http://www.pauahtun.org/
> > > http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
> > > Army Signal Corps: Cu Chi, Class of '70
> > > Author: Teach Yourself Python in 24 Hours
> >
> > --
> > Ivan Van Laningham
> > God N Locomotive Works
> > http://www.pauahtun.org/
> > http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
> > Army Signal Corps: Cu Chi, Class of '70
> > Author: Teach Yourself Python in 24 Hours

--
Ivan Van Laningham
God N Locomotive Works
http://www.pauahtun.org/
http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
Army Signal Corps: Cu Chi, Class of '70
Author: Teach Yourself Python in 24 Hours
_______________________________________________
uwin-users mailing list
uwin-users@research.att.com
https://mailman.research.att.com/mailman/listinfo/uwin-users