Update 3.0.4 brought a (possible) threat within


Moderator: Oleg

seekil
Posts: 2
Joined: Fri Feb 15, 2013 5:14 am

Update 3.0.4 brought a (possible) threat within

Post by seekil »

To begin with: Thank you for the new update!

My Norton Internet Security seems to be finding a possible threat in a file \zmodeler3\shared\codelib.zmx
The file is suspected as Suspicious.Cloud.5.
Edit: (Ok, now I'm not understanding something. Norton IS tells that the threat's name is this Suspicious.Cloud.5, but the webpage I linked there tells that "Suspicious.Cloud.5 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers."
Isn't that something!)

This occurred the first time when ZModeler was updating itself via auto-updater. I thought I could go around the problem by installing fresh ZModeler from the download link, but it seems (to me) that this finding is connected somehow to the program's auto-updater. Every time I start ZModeler and (I assume) the auto-update check is being made, Norton detects the connection attempt and instantly quarantines the file. I'm unable to affect Norton's behaviour myself, because Norton detects the file as being a high risk thus not allowing me to allow continuing the use of the file (such as restoring the file).

Any ideas from the development team? False-positive here or not?
Oleg
Site Admin
Posts: 14045
Joined: Fri Feb 06, 2004 3:54 am

Re: Update 3.0.4 brought a (possible) threat within

Post by Oleg »

I have submitted this as a false positive report at Symantec. It might take some time for them to reflect changes. This was the case with the previous version (3.0.3) and took about 3-5 days for them to issue an update...

Unfortunately, I don't know what exactly causes a false positive alert and I can't change the code to prevent it being considered as malware.

Currently, you can try to add ZModeler into white-list or "trusted software" (but I doubt it's possible since there is no digital signature on ZModeler files).
seekil
Posts: 2
Joined: Fri Feb 15, 2013 5:14 am

Re: Update 3.0.4 brought a (possible) threat within

Post by seekil »

Oleg wrote: I have submitted this as a false positive report at Symantec. It might take some time for them to reflect changes. This was the case with the previous version (3.0.3) and took about 3-5 days for them to issue an update...

Unfortunately, I don't know what exactly causes a false positive alert and I can't change the code to prevent it being considered as malware.

Currently, you can try to add ZModeler into white-list or "trusted software" (but I doubt it's possible since there is no digital signature on ZModeler files).
Thank you Oleg for your quick answer.

After all I could get the Norton not to 'care' about the file I mentioned earlier. Basically I took the file out of quarantine and then Norton asked should it not care about the file in the future when conducting searches.
I'm glad you are ahead of your time and have thought that out already to inform Symantec about their product :D

I apologize, I actually forgot to check beforehand if there would've been a thread about the same matter already.

And thank You again :)