Dieser Thread braucht eine Lösung.

Heur.AdvML.B Detected in C++ Boost Library & Visual Studio

Recently started receiving Heur.AdvML.B Auto-Protect exceptions where the indication for the issue is the C++ boost library use of zstd.exe. The error is only reported when testing applications using the Visual Studio debug environment (far as I can tell). I have scanned all of the zstd.exe files located in the boost vcpkg deployment without any Norton findings reported (scan now/file Insight). 

I assume this is a false positive indication and can be ignored.

Norton 360: version
Window 10 pro: 22H2, build 19045.3393

The File Insight info is below:
Filename: Heur.AdvML.B
Full Path: Not Available
On computers as of Not Available
Last Used      09/01/23 at 10:39:31

Startup Item No
Launched No
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

Locate Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown This file release is currently not known.

High This file risk is high.

Source: External Media

File Actions

File:................\vcpkg\buildtrees\boost-iostreams\x86-windows-dbg\boost\standalone\ac\be5942cda3c3f2780e89dae0e486e1dd\zstd.exe No fix attempted
File Thumbprint - SHA: Not available
File Thumbprint - MD5: Not available



Re: Heur.AdvML.B Detected in C++ Boost Library & Visual Studio

When developing software, there can be code added for debugging and diagnosing bugs. When this code runs, Norton can detect it as malicious. 

As a developer, you need to create a master folder for all your projects. Then exclude that folder and all sub folders from Both items in the image below. 



Re: Heur.AdvML.B Detected in C++ Boost Library & Visual Studio


I was a bit surprised as this just started happening recently. I already exclude my development area but had left the vcpkg path and other 3rd party development content active for scanning on the off-chance something gets slipped into the providers repository that is introduced during regeneration of the library content.

This thread is closed from further comment. Please visit the forum to start a new thread.