• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Confirm Detection

I have purchased and downloaded a product from DxO Software.  It's a collections of filters for Photoshop.  Norton Security is detecting it as a Heuristic Virus with the threat name Heur.AdvML.B.  The vendor has indicated this is a false-positive from Norton.  I have tried submitting this twice but keep getting an error that the URL provided does not link to a file (which it does).

I was hoping someone would be able to check to see if the file is detected as clean.  Here is the link...

https : //download - center . dxo . com/nikcollection / v2018/Win/DxO_Nik_Collection(dot)exe

Replies

Kudos1 Stats

Re: Confirm Detection

FWIW ~ I made submission with info provided.   I'll update if/when I hear back. 

The download requires Trial Confirmation.   So, IDK....may be problem for Norton back-end but, if/when I hear..... I'll update. 


CONFIRMATION

Your submission has been sent Sun Jan 13 18:52:20 UTC 2019. To make another submission, click here.


Please if possible.....can you provide more what Norton told you regarding this event.

For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.


Edit: VirusTotal returns No matches. 
file too large for upload and file hash returns No matches. 

Kudos0

Re: Confirm Detection

Thanks for submitting.  I attached the details in a text file.

File Attachment: 
Kudos1 Stats

Re: Confirm Detection

Thanks.  I'll try re-submit with added info. 

The download from DxO required (for me) Trial Confirmation.   

So, IDK....may be problem for Norton back-end but, if/when I hear..... I'll update. 

Kudos1 Stats

Re: Confirm Detection

download (for me) from opening post has different SHA from your attached txt file ?

File: DxO_Nik_Collection.exe
File size: 392 MB (410,750,000 bytes)
MD5 checksum: 2FF2F1B070A5BD797388AECCBF11F5DE
SHA1 checksum: 72237477CCC80EF85AD8DD4AF034C4567F2BBE99
SHA256 checksum: 4BEBF21F4BD5E4E681FC7F2B32AC8166EBE1758415079193D0E838A179D8A6D7
 

your attached txt file

File: C:\Users\SJMarty\AppData\Roaming\IDM\DwnlData\SJMarty\DxO_Nik_Collection_36\ DxO_Nik_Collection.exe Removed
____________________________


File Thumbprint - SHA:
b7ca76a7c073599db83524d8d51469fa0d6c1949f7a52af3369194bfa64647db
File Thumbprint - MD5:
9c38340f0b6651645156b6def6f67bae

Um, did Norton detect on file download or file launch? 
I had presumed file was detected on download.  Based upon location path I'll presume file was detected upon install / launch?   Correct me?

AFAIK ~ Norton back-end review does not install every software and watch what soft does.  

@SJMarty

Kudos1 Stats

Re: Confirm Detection

Heur.AdvML.B info: https://www.symantec.com/security-center/writeup/2016-051811-2400-99

Norton users: To learn how to submit a file to Symantec Security Response using Norton products, please read the following document:  Manually submitting an item to Symantec.

Curious, were you able to manually submit item thru Quarantine.  

Accepted Solution
Kudos1 Stats

Re: Confirm Detection

In relation to submission 128307.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: DxO_Nik_Collection.exe
    MD5: 2FF2F1B070A5BD797388AECCBF11F5DE
    SHA256: 4BEBF21F4BD5E4E681FC7F2B32AC8166EBE1758415079193D0E838A179D8A6D7

Note: Whitelisting may take up to 24 hours to take effect via Live Update
    File name: BCE55302136A5018B1C66418E488C557982DED7336E195D7FA658B8338AF1CFA
    MD5: 585C4C97A89D47C0E44226FD5BC3A42F
    SHA256: BCE55302136A5018B1C66418E488C557982DED7336E195D7FA658B8338AF1CFA

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
Sincerely,
Symantec Security Response

IDK if 128307 satisfies your issue.  I'll update if/when I hear back from re-submit with added info. 

Kudos0

Re: Confirm Detection

They added it and all is well now.

Thank you so much!

This thread is closed from further comment. Please visit the forum to start a new thread.