• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Ran a complete scan with Norton Internet Security version 22.5.4.24 on Windows 10 Pro 64-bit with the latest virus definitions.

It found a high severity threat  which I submitted to Symantec:

On computers as of  2015-10-20 at 15:54:20

Last Used 2015-10-20 at 15:56:22 SAPE.Heur.9CED7Full Path: c:\program files\lightworks\uninstall.exe from: http:// www . lwks . com/dmpub/lightworks_v12.5.0_full_64bit_setup . exe

This seems a bit odd, as the package originated from the vendor site (LightWorks).

I uploaded the uninstall.exe to VirusTotal.com to be analysed by 56 virus different scanners. Only Symantec flagged the file as a threat here. 

Can it be that Norton Internet Security found a false positive for this file?

Your response is appreciated.

Kidn regards,

Dave

Labels: VirusDefs

Replies

Kudos0

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Just found the message above in the Forum and sumitted the suspected false positive to https://submit.symantec.com/false_positive/

Cheers,

Dave

Kudos1 Stats

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

The Dev Team have confirmed that Lightworks does use NSIS (Nullsoft Scriptable Install System), which has been seen to be subject to AV false-positives. Personally I would recommend putting installer packages through wxw. virustotal.com prior to install, as no single AV is perfect. In this case, as the software was downloaded from lwks.com, you can be confident that it's clean. 10 months, 3 weeks ago

TOPIC: Anti-virus detected Lightworks uninstall as a virus
http://www.lwks.com/kunena&func21&id=83789&Itemid=81#83926 

Kudos0

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Thanks, I searched the lwks.com forum before, and found the one post too, but the search did not show the site admin response you refer to, so that was helpful.  

I assume the uninstall the safe to keep.

Cheers,

Dave

Kudos0

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Still best practice, your submission to Symantec Permalink for review...
Thanks

Kudos2 Stats

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Hi @davepmiddleton

Based on the details you shared we were able to reproduce the detection and confirm that the "uninstall.exe" was being detected. The file has been analyzed and no malicious activity was found, hence the file has been whitelisted.

Please run LiveUpdate to get the latest definitions and re-scan the file to ensure that it's not being detected anymore.

Thanks,
Prasad B

Kudos0

Re: Lightworks uninstall.exe: false positive for SAPE.Heur.9CED7?

Thanks Prasad and the Norton Community for the quick response.

That was an effective and quick handling of the false positive report.

I will place the Norton response in the Lightworks forum as well.

Kind Regards,

Dave

This thread is closed from further comment. Please visit the forum to start a new thread.