Symantec False Positive in Flash install file


I noticed a bunch of computers reporting install_flash_player.exe as a Trojan Horse this morning. My first stop was the Symantec Forum where a bunch of users were already discussing this.

Since it appeared to be a false positive in an older install file for Adobe Flash, I set out to see which version of Flash was getting hit. Adobe has an archive of Flash players. I downloaded a zip with every version of Flash 10 and unzipped it to my hard drive. I got a detection on flashplayer10r22_87_win.exe. Once that was quarantined, the easiest thing to do was go into my local quarantine, right-click and submit to Symantec.

A Symantec support employee points out the KB for false positives and the virus submission website https://submit.symantec.com/websubmit/gold.cgi. To use that, I would have had to disable real-time protection and unquarantine the file. So it was easier to submit from within Symantec. I'm running 1/27 r49 definitions.


About this Entry

This page contains a single entry by Roger published on January 28, 2010 11:07 AM.
