A new version of the LastPass toolbar was released late this week, and I dutifully installed it on my systems. During the installation, Symantec warned me that fewer than 5 computers had been seen with this file, so I should only install it if I was sure it was safe. I clicked allow and continued the install. After the install, winbiostandalone.exe was detected as Suspicious.Cloud.5.
Symantec's description of the detection: Suspicious.Cloud.5 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by
So Symantec has become much more aggressive about tagging unknown files as suspicious, and it also uses aggressive heuristics to block files that exhibit “bad” behavior. Symantec suggests that software developers submit their applications, and each new version, to https://submit.symantec.com/whitelist/isv/. Unfortunately, that process looks about as responsive and communicative as submitting to the App Store. The form says it will take “a number of weeks” to whitelist software, and you won’t hear back if your request is denied. If your development cycle includes a Release to Manufacturing (RTM) period, you might have time for that delay. When you’re just pushing out an update, I can’t imagine waiting on Symantec to whitelist your app. I can’t imagine a true application-whitelisting product like Bit9 taking so long.
The file winbiostandalone.exe, according to the LastPass forum thread discussing this issue, is used with the fingerprint reader, so if you don’t use a fingerprint reader with LastPass you can ignore the detection. I submitted the detection as a false positive, but from what the Symantec forum says, that report now has a 72-hour turnaround.
So what do you do? As an individual, you can probably just ignore it; it is not an actual virus. An enterprise SEP admin could add exceptions for the files involved and for the download site. What about other applications? As I roll out SEP 12.1 to more employees, I expect to see a lot more issues like this.
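Before clicking allow on a low-reputation file, or before an SEP admin writes an exception for it, the check worth running is to record the file's hash and look at who signed it. The PowerShell below is an added example, not code from the original post or from LastPass or Symantec; the install path under Program Files is an assumption, and the script only reports what the signature says rather than assuming the binary is signed.

```powershell
# Added example (not from the original post): record the hash of a binary that
# tripped a reputation warning and inspect its Authenticode signature before
# deciding to allow or whitelist it. The default path is an assumption; pass
# -Path if the LastPass installer put the file somewhere else.
param(
    [string]$Path = "$env:ProgramFiles\LastPass\winbiostandalone.exe"
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

# SHA-256 is the value you would paste into a false-positive submission or into
# an endpoint exception keyed on file fingerprint, so capture it first.
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# Get-AuthenticodeSignature builds the signer's certificate chain and checks
# that the file has not changed since signing. Status is 'Valid' only when
# both hold; 'NotSigned', 'HashMismatch' and 'UnknownError' all mean the
# publisher cannot be relied on to vouch for this exact file.
$sig = Get-AuthenticodeSignature -FilePath $Path

$report = [pscustomobject]@{
    File        = $Path
    SHA256      = $hash.Hash
    SigStatus   = $sig.Status
    Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    SignerThumb = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
    TimeStamper = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { '' }
}

$report | Format-List

switch ($sig.Status) {
    'Valid' {
        Write-Output "Signed by a trusted publisher; the hash above is what to submit as a false positive or use in an exception."
    }
    'NotSigned' {
        Write-Warning "Unsigned binary: a low-reputation warning is expected here; vet it by other means before allowing it."
    }
    default {
        Write-Warning "Signature problem ($($sig.Status)): do not whitelist this file until that is explained."
    }
}
```

Whitelisting by hash rather than by path or file name means the exception covers exactly the binary you inspected and nothing a later update or an attacker drops in its place; the trade-off is that every new version has to be vetted and added again, which is the same delay problem the post describes from the vendor's side.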