• Toute la Communauté
    • Toute la Communauté
    • Forums
    • Idées
    • Blogs
Avancé

Pas ce que vous cherchiez ? Demandez aux experts !

Remerciements0

Detection of D language source files

I've noticed that Norton Security has a habit of detecting files related to the D programming language as malicious. This includes files such as dub.exe (a D language build tool and package manager), libcurl.dll (distributed by DUB to allow D programs to link against curl), and even my own source code files for D (as in text source, not compiled binaries). This is quite disruptive to my work when Norton quarantines dub in the middle of a build. I've found a temporary solution in adding D related source directories to Norton's exclude list, but this shouldn't be necessary. Especially for the source files, which are harmless plain text. 

I've attached one of the source files Norton quarantined during one of my builds. (.d extension renamed to .txt) This file is a third party date formatting library written in D (and is open source on GitHub). 

Thématiques: False Positive

Réponses

Accepted Solution
Remerciements1 Stats

Re: Detection of D language source files

Developers often have trouble while working on their projects. Your excluding the D related files is a good start. What I usually suggest is creating a folder for all your projects. Then exclude that whole folder from both sections in the image below. 


Things happen. Export/Backup your Norton Password Manager data.
Remerciements1 Stats

Re: Detection of D language source files

You should exclude the directory where your complied binaries end up. The false positives in the complier (and connected files) should be submitted as false positives to Symantec/Norton:

https://submit.symantec.com/false_positive/

Is the program you are using to write/compile your D language programs free to download? If so where?

Remerciements0

Re: Detection of D language source files

I mainly use the open source Digital Mars D compiler (DMD), though Norton has had issues more so with the LLVM D compiler (LDC). Both are available at https://dlang.org/download.html.

I submitted the DUB build tool (distributed with both DMD and LDC) as a false positive last night, and will submit other files like libcurl.dll today. 

Remerciements0

Re: Detection of D language source files

TransientResponse:

I mainly use the open source Digital Mars D compiler (DMD), though Norton has had issues more so with the LLVM D compiler (LDC). Both are available at https://dlang.org/download.html.

I submitted the DUB build tool (distributed with both DMD and LDC) as a false positive last night, and will submit other files like libcurl.dll today. 

I'm not seeing detections (but I'm not using the files either). Perhaps some of the detections are resolved and/or are being detected partially based on behavior? What were the files detected as?

Remerciements0

Re: Detection of D language source files

So upon further review of Norton's logs, it looks like the detections of source files I saw was wrapped up in the detection of dub as it was building the dateformat package. dub was detected as SONAR.ProcHijack!g11, which is probably related to its behavior of downloading source files from the internet, saving them to disk, and then calling in to the DMD compiler to build and link them. I suppose this is very suspicious behavior if you don't know that it's a build tool. 

Interestingly, the version of DUB distributed with the LLVM D Compiler (which was newer than DMD's) was detected by Download Insight as WS.Reputation.1. 

On a positive note, Symantec's verified that the detection of libcurl.dll is erroneous and will be removed. 

Remerciements0

Re: Detection of D language source files

Ah, I see. SONAR detections are behavior based, and reputation one was already resolved.

This thread is closed from further comment. Please visit the forum to start a new thread.