Hi Pannag,
There is a chance that this is a false positive detection. Submit the samples to Broadcom; they will review and **** the detection. Follow the article below:
How to Submit False Positives on Content Analysis to Symantec (broadcom.com)
------------------------------
Regards,
Vivek
------------------------------
Original Message:
Sent: Sep 30, 2024 04:39 AM
From: Pannag Prabhu
Subject: Detection of DLL as Heuristic Virus after Recent Update
Hello,
I'm encountering an issue where Symantec Endpoint Protection is detecting one of the DLL files used in my application as a heuristic virus. Let us say the file name is "abc.dll". This detection has started with the update released on 13th September 2024 - Live Update ID: 20240913.061 - of the Symantec Endpoint Protection. Before receiving this update (20240913.061) there was no issue with respect to the same DLL file. We suspect it might be a false positive. Kindly share your views on this.
I have attached the screenshot of the quarantine logs. Currently we have the Symantec Endpoint Protection v14.3.7393.4000 installed in our systems.
The details of the issue are as follows:
- The DLL file has been in use without issue prior to the update 20240913.061 received on 13th September 2024.
- The issue is only observed on Windows 10 22H2 systems. It does not occur on Windows 10 21H2 or Windows 11 with the same version of Symantec Endpoint Protection.
- After adding a digital signature to the DLL, the issue is no longer observed on affected systems.
Could you provide any insight as to why this detection might be occurring? Is there a way to prevent this from happening in the future?
Any assistance or guidance on resolving this would be greatly appreciated.
NOTE: I have also observed that a DLL file related to Symantec is also being quarantined by Symantec Endpoint Protection. Check the attached screenshot for more details.
Regards,
Pannag.