Large numbers of random false positives (Trojan.Gen.NPE.2)

Hi all,

Over the last few days, Norton Security version 22.14.2.13 running on a number of Windows 10 PCs in my home has started throwing large numbers of false positives all for the same catchall definition: Trojan.Gen.NPE.2.  The one thing the files subject to these false positives all have in common is that they're significant Windows files like dcdiag.exe or wevtsvc.exe.  

What clued me in to this being a rash of false positives was that it impacted machines that are heavily used AND two brand new machines that'd literally been out of the box less than an hour and only connected to a separate, isolated network with an aggressively filtered VPN and never so much as had a web browser run on them before.  What removed all doubt was that after I'd inspected the files, determined they were clean, and restored them without adding exceptions, the next full system scan I ran declared them clean... but then flagged a completely different collection of essential executables as Trojan.Gen.NPE.2.  Lather, rinse, repeat... I've been at this for three days with no end in sight with these false detections periodically breaking various Windows functions.

I've submitted all the files to Norton, and each new definition update cheerfully exonerates the last batch and flags an entirely new set of files as Trojan.Gen.NPE.2.

Is anyone else out there having this issue, and is there a way to contact Symantec and have them initiate some kind of review to address the problems with their Trojan.Gen.NPE.2 definition so it stops quarantining clean Windows files?

Replies

Re: Large numbers of random false positives (Trojan.Gen.NPE.2)

You can exclude the signature for trojan.gen.npe.2 to stop your current detections. Just remember that if any genuine malware that matches that signature gets on the machine, it will not be detected. This Norton KB article explains how to exclude the signatures. Be patient while the list of signatures loads. It may appear the window has frozen, but it just takes a little time to populate the list.

https://support.norton.com/sp/en/us/home/current/solutions/v115455517_En...

Re: Large numbers of random false positives (Trojan.Gen.NPE.2)

Yeah, I know I can exclude the signature... and if it were just my machine, I would.

(It's an inadvisable option in my case, because some of the affected machines belong to family members who are not particularly computer literate or well-versed in the practical paranoia of online security... one of whom is moving out of state for grad school.  You can understand my reluctance to send him off with a hole in his PC's security that I may not get a chance to re-close until a year or two from now.)

That's why my question was if there was a protocol for getting Symantec to bring those serial false positives to Symantec's attention directly... 

Re: Large numbers of random false positives (Trojan.Gen.NPE.2)

Latest Daily Certified version August 01, 2018 revision 024

Trojan.Gen.NPE.2 is a generic detection for non-PE threats for which specific definitions have not been created. A generic detection is used because it protects against many other threats that share similar characteristics. Files that are detected as Trojan.Gen.NPE.2 are considered malicious.

If you have reason to believe that your files are incorrectly detected by Symantec products, you can submit them to Symantec Security Response for further analysis.

https://www.symantec.com/security-center/writeup/2016-122106-5606-99 

You can submit them to Symantec Security Response for further analysis... and/or chat with Official Norton Support.

Re: Large numbers of random false positives (Trojan.Gen.NPE.2)

Hi @MacrossMike,

Thanks for reporting in the Norton Community Forums. Can you let us know if you are still facing this issue with the latest Norton definitions? Please run LiveUpdates until the "no updates available" message appears, and restart the computer. Also, make sure the latest version of the Norton product update is installed.

Can you please share False Positive submission tracking numbers via private message to me for further investigation? 

Sunil_GA | Norton Community Administrator | NortonLifeLock