Endpoint Protection

 Detection of DLL as Heuristic Virus after Recent Symantec Update

Pannag Prabhu's profile image
Pannag Prabhu posted Sep 30, 2024 04:45 AM
Hello,
I’m encountering an issue where Symantec Endpoint Protection is detecting one of the DLL files used in my application as a heuristic virus. Let us say the file name is "abc.dll". This detection has started with the update released on 13th September 2024 - Live Update ID: 20240913.061 - of the Symantec Endpoint Protection. Before receiving this update (20240913.061) there was no issue with respect to the same DLL file.
 I have attached the screenshot of the quarantine logs. Currently we have the Symantec Endpoint Protection v14.3.7393.4000 installed in our systems.
 The details of the issue are as follows:
  • The DLL file has been in use without issue prior to the update 20240913.061 received on 13th September 2024.
  • The issue is only observed on Windows 10 22H2 systems. It does not occur on Windows 10 21H2 or Windows 11 with same version of Symantec Endpoint Protection.
  • After adding a digital signature to the DLL, the issue is no longer observed on affected systems.
Could you provide any insight as to why this detection might be occurring. Is there a way to prevent this from happening in the future?
Any assistance or guidance on resolving this would be greatly appreciated.

NOTE: I have also observed that a DLL related to Symantec has also been detected as Heuristic Virus. You can find it in the attached screenshot.

Regards,
Pannag
Quarantine Log