Symantec intercepts hello.red when explicitly targeted to Windows #500
Comments
Indeed, this is the VirusTotal report for future reference.

There are a few header entry values that need to be fixed; we'll see if that makes the binaries pass the AV heuristics. If not, we'll contact each AV vendor to have them whitelisted.

I have submitted false positive reports to a few vendors, waiting for their acknowledgement.

I have received an answer from Symantec:
I cannot give them any details about the Symantec product used, as VirusTotal does not give such information... A new test on VirusTotal shows that other AV vendors have fixed their heuristics, but AntiVir and Symantec have not.

A new scan on VirusTotal still shows the false positive. I have resubmitted a new report to Symantec, hoping that this time they will do something about it.

Symantec is not reporting any false positive in a new scan, so I'm closing this ticket.
When the example script hello.red or a home-brewed script is compiled with option `-t Windows`, the executable is intercepted by Symantec Endpoint Protection (12.1.1101.401), due to the risk "Suspicious.Cloud". This concerns Red v0.3.2, compiled on a Windows Vista platform. It does not happen when I compile with `-t MSDOS` or with no target option at all. (May I conclude that MSDOS is the default target on a Windows platform?)

For hello.reds and other Red/System programs, I see no difference whether it's compiled with Windows or MSDOS as target: the executables look pretty much the same and Symantec keeps quiet.
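The thread attributes the detection to "header entry values" in the `-t Windows` build and notes that the two targets produce executables that "look pretty much the same". A quick way to test both statements is to dump the COFF and PE32 optional header fields of the two binaries and diff them. The script below is an added example, not code from the Red project: `parse_pe_headers`, `diff_headers` and `oddities` are hypothetical helper names, the embedded PE images are constructed in `build_sample_pe` so the script runs offline (pass two real paths to compare actual Red output), and the list of values in `oddities` is an assumption about what generic AV heuristics weigh, since the page does not say which fields triggered the Suspicious.Cloud verdict.

```python
"""Dump and diff the PE header fields of two 32-bit Windows executables.

Added example, not Red's own code. With no arguments it compares two
constructed minimal PE32 images (a GUI-subsystem one and a console one);
with two file paths it compares real binaries, e.g. the `-t Windows`
and `-t MSDOS` builds of the same Red script.
"""
import struct
import sys

SUBSYSTEM_NAMES = {2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

# (field name, struct format, byte offset from the start of the optional header)
OPTIONAL_FIELDS = [
    ("MajorLinkerVersion", "<B", 2),
    ("MinorLinkerVersion", "<B", 3),
    ("SizeOfCode", "<I", 4),
    ("AddressOfEntryPoint", "<I", 16),
    ("ImageBase", "<I", 28),
    ("SectionAlignment", "<I", 32),
    ("FileAlignment", "<I", 36),
    ("MajorOperatingSystemVersion", "<H", 40),
    ("MajorSubsystemVersion", "<H", 48),
    ("SizeOfImage", "<I", 56),
    ("SizeOfHeaders", "<I", 60),
    ("CheckSum", "<I", 64),
    ("Subsystem", "<H", 68),
    ("DllCharacteristics", "<H", 70),
]


def parse_pe_headers(data: bytes) -> dict:
    """Return the COFF header and PE32 optional header fields as name -> int."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20  # COFF file header is 20 bytes
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    fields = {
        "Machine": machine,
        "NumberOfSections": nsections,
        "TimeDateStamp": timestamp,
        "SizeOfOptionalHeader": opt_size,
        "Characteristics": chars,
    }
    for name, fmt, off in OPTIONAL_FIELDS:
        fields[name] = struct.unpack_from(fmt, data, opt + off)[0]
    return fields


def diff_headers(a: dict, b: dict) -> dict:
    """Fields whose values differ between two parsed headers: name -> (a, b)."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


def oddities(fields: dict) -> list:
    """Header values generic AV heuristics are known to weigh (assumed list)."""
    found = []
    if fields["TimeDateStamp"] == 0:
        found.append("TimeDateStamp is zero")
    if fields["MajorLinkerVersion"] == 0 and fields["MinorLinkerVersion"] == 0:
        found.append("linker version 0.0")
    if fields["CheckSum"] == 0:
        found.append("CheckSum is zero")
    if fields["Subsystem"] not in SUBSYSTEM_NAMES:
        found.append("unusual Subsystem %d" % fields["Subsystem"])
    return found


def build_sample_pe(subsystem, linker=(0, 0), timestamp=0, checksum=0) -> bytes:
    """Constructed minimal PE32 image (headers only, no sections) for testing."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96  # PE32 optional header without data directories
    coff = struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<HBB", opt, 0, 0x10B, linker[0], linker[1])
    struct.pack_into("<I", opt, 4, 0x200)             # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)           # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)         # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)   # Section/FileAlignment
    struct.pack_into("<HH", opt, 40, 4, 0)            # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)            # subsystem version 4.0
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)   # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 64, checksum)
    struct.pack_into("<HH", opt, 68, subsystem, 0)    # Subsystem, DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


def main(paths):
    if len(paths) == 2:
        imgs = [open(p, "rb").read() for p in paths]
    else:  # constructed GUI build vs constructed console build
        imgs = [build_sample_pe(2), build_sample_pe(3)]
    a, b = (parse_pe_headers(d) for d in imgs)
    for name, (va, vb) in diff_headers(a, b).items():
        print("%-28s %#x -> %#x" % (name, va, vb))
    for label, f in (("first", a), ("second", b)):
        for o in oddities(f):
            print("%s: %s" % (label, o))


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it as `python pe_headers.py hello_windows.exe hello_msdos.exe`: if the only differing field is `Subsystem` (2 for a GUI target, 3 for a console target), the "look pretty much the same" observation holds for the headers and the verdict is keyed on something other than the header values; if linker version, timestamp or checksum differ as well, those are the entries worth normalising before resubmitting to the vendors.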