Endpoint Protection

Spotify is detected as an Trojan Horse?

  • 1.  Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 03:41 AM
    Does anyone know something about “Spotify” being detected as a Trojan Horse?

    I’m running Symantec Endpoint Protection version 11.0.5002.333
    Definitions:  27 januari 2010 r49


  • 2.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:03 AM
    Just started happening here, too.
    Messages about Spotify are pouring in.

    Not that I am sad about it, it's not exactly a business critical application, but it is causing users some grief.

    Is this deliberate from Symantec?



  • 3.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:04 AM
    Same problem here. All my clients using Spotify suddenly receive this warning.


  • 4.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:11 AM

    A Spotify employee writes this in their support forum: "We've made no changes to Spotify and there is nothing infecting it. It's possible that it's a false positive which we've seen before from anti-virus programs."

    http://getsatisfaction.com/spotify/topics/spotify_defined_as_a_trojan_by_symantec#reply_1837534





  • 5.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:22 AM
    Same problem here.
    Need ASAP confirmation that verifies the threat to be real or to be a false positive.



  • 6.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:23 AM


  • 7.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:34 AM

    Hi, the file is submitted already and there are several open cases with this.
    Case: 411-147-522 - False Positive - spotify.exe detected as trojan - Tracking #14666799

    Seems that the test of the defs is limited; according to Spotify they have 100 000 000 installations of the application.

    /Stickan



  • 8.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:35 AM


  • 9.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:38 AM
    Sorry, 100 000 000 downloads, 7 000 000 installations. Not yet released in US. Probably why it is not tested.

    /Stickan


  • 10.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:41 AM
    It is business critical! Means I don't need to listen to the crap my boss says all day. Keeps me sane. I keep the network sane.

    Seeing annoying false positive here too. When can we expect the updated defs, Symantec?


  • 11.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 04:59 AM
    Hi,

    We are aware of this false positive and working on it.

    The definitions for Spotify will be published very soon.

    This post will be updated as soon as the definitions are published.

    Best,
    Aniket Amdekar


  • 12.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 05:05 AM
    Hi All,

    Security Response have confirmed this is a false positive and have fixed the issue.

    If you are running SEP or SAV, then Rapid Release definitions have just been released dated 28/01/2010 rev. 2.

    They will be included in the next full release for both SEP and SAV.




  • 13.  RE: Spotify is detected as an Trojan Horse?
    Best Answer

    Broadcom Employee
    Posted 01-28-2010 05:12 AM
    Hi,

    Please refer to the link below:

    http://www.symantec.com/business/security_response/definitions/rapidrelease/index.jsp

    The sequence number of the definition is: 106370

    So, if you download the rapid-release definitions, the issue should be resolved.

    Please post a comment in this thread if you have applied the Rapid-Release definition mentioned above, and let us know if the issue has been taken care of.

    Cheers,
    Aniket


  • 14.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 05:20 AM
    At the same time, we started seeing blocks of "install_flash_player.exe" as well. Don't think I've seen that before.

    Related problem?


  • 15.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 07:01 AM
    We have started to see install_flash_player.exe as infected with a Trojan.
    Is this fixed with the latest rapid release as well?
    I'm pretty sure that this is a false positive as well.


  • 16.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 07:30 AM
    It would be helpful if the properties window for the quarantine showed the original file properties. That might help us determine the original source of the quarantined items.


  • 17.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 08:52 AM
    Thanks Aniket Amdekar,
    Your latest response solved the problem.
    I installed the rapid-release definition and the problem is gone.

    I see this problem as resolved.
    Thanks again for the rapid response Aniket.


  • 18.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 09:00 AM
    Hi all,
    Must be a bit silly but I can't find out how to download rapid-release definitions.
    Anyone can help?

    This patch doesn't seem to work on Windows7...
    => symrapidreleasedefsv5i32.exe

    Thx



  • 19.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 09:15 AM
    We are also seeing huge amounts of alerts on install_flash_player.exe being quarantined as a Trojan Horse.

    Please advise on this ASAP




  • 20.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 09:44 AM
    @ rjouin

    That's not a silly question at all. I can't find it either.
    Please refer to a link.


  • 21.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 11:01 AM
    Well I'm REALLY stupid!
    - sorry what do you mean 'refer to a link'?
    Anyone know how to force Symantec endpoint protection to retrieve these latest defs?
    Maybe not business critical, but people ringing up helpdesk to advise of virus found is getting annoying


  • 22.  RE: Spotify is detected as an Trojan Horse?



  • 23.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 11:23 AM
    Re the 'solution' posted by Aniket Amdekar;

    Please bear in mind that most users, like myself, have no idea what to do with the information you supplied!  You may as well have written in Ancient Egyptian Hieroglyphs.

    "So, if you download the rapid-release definitions, the issue should be resolved."

    Well I found definition 106370 on the link you supplied but there must be over 50 downloads there!!

    Come on Symantec, you have to do better than this . . .


  • 24.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 11:33 AM
    Hi,

    Thanks for pointing out the missing simplification of the technical details.

    Here is the info you should have received in the first post itself:

    How to update definitions for Symantec Endpoint Protection Manager using a JDB file

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/6a1ab5f037c03e488825736f0010829b?OpenDocument

    Applying rapid release definitions to a Symantec Endpoint Protection (SEP) client.

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/faa2b06a72ff5711802574500053e923?OpenDocument

    You need to download the jdb file provided in my original link and then use the articles mentioned above.

    Cheers,
    Aniket


  • 25.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 12:53 PM
    I find it very complicated. I don't understand why Symantec can't do this automatically through LiveUpdate. We are paying for this! And now it's up to US to fix a problem that THEY have caused?

    Hmmffph...

    Well, enough complaining.

    Yes davrog, I was thinking about that link, but I'm not sure which one to download.
    Because there are several downloads there. I have Win 7 ultimate 64bit. And my Symantec product is Norton Internet Security Online 2009 or 2010. So which one to download and install?
    I just need to fix this Spotify problem, nothing else....

    If the nice technician named Aniket would be so kind to explain this step by step for me, I would appreciate it enormously. Because the explanation by the links he posted is quite difficult to follow.

    regards
    MightyTor


  • 26.  RE: Spotify is detected as an Trojan Horse?

    Posted 01-28-2010 01:19 PM
    See more here on sans.org

    http://isc.sans.org/diary.html?storyid=8104

    First SEP does not like 2010 and now doesn't like Spotify & Flash.


  • 27.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 01:20 PM
    I see others are also seeing detections on install_flash_player.exe. Has this issue also been confirmed with install_flash_player.exe? If so, will the rapid release correct that problem?

    Mark


  • 28.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 02:42 PM
    solved




  • 29.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 01-28-2010 10:21 PM
    Hi Mark,

    The Rapid Release sequence: 106382 will be able to solve this issue. If you use the rapid release definitions and use the articles I have mentioned in my previous post, the issue will be taken care of.

    Cheers,
    Aniket


  • 30.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 02-01-2010 10:20 AM
    I don't really care too much about Spotify, unlike my 100-odd users who lost it and don't think too highly of Norton, but after trying various methods of updating SEPM with rapid release versions, and waiting instead for live update to update it yesterday (why can't live update do it straightaway!), I now have the problem of my system showing 120 PCs infected with a bogus virus!

    Can anyone please tell me how I'm meant to clear this status from SEPM without having to go to each individual PC and mark as cleaned? - And where do I send my bill to, Mr Norton?
    :)

    (By the way, found a document: http://service1.symantec.com/support/ent-security.nsf/docid/2007100820002048?Open&seg=ent for supposed rapid definitions update for future reference...)


  • 31.  RE: Spotify is detected as an Trojan Horse?

    Broadcom Employee
    Posted 02-01-2010 12:39 PM
    Hi,

    Have you tried this document?

    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/baba48053d04317c882573980074b80d?OpenDocument

    -- Click on Advanced settings
    -- Click on Compliance Options
    -- check the box for "Infected Only"
    -- save the filter as "Infected computers"
    -- click on view logs, it showed all the computers in Infected status
    -- in the drop-down menu where the default selection is "Selected", make sure that you select "all"
    -- click on clear infected status
    -- log out and log back into SEPM and wait for 10 mins
    -- after 10 mins, in SEPM home page, none of the computers should be shown as still infected

    Cheers,
    Aniket