Since yesterday Norton / Symantec products start removing a file of our software product we've create. I've submitted 3 version's of the file as false positive.(like this on: False Positive submission (44982)).
The reply is: "Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:"
I can confirm that that specific version of the file isn't removed anymore. But we have a lot more versions that are being deleted by Symantec. Even if a build a new version of the file get's deleted. The Symantec product are currently deleting these none submitted versions of this file at out computers and our customers computers. We are getting a lot of calls support calls for that. We really need a solution for this.
The file does not contain a virus, we have a lot of versions and there will be a lot of new versions in the future, what can be done about this?
But I've scanned the forums and I did chat with Norton Support. Norton adviced us to call with Symantec and gave me a phone number. Symantec told me to whitelist our software, so I did.
Saterday they confirmed that the version now is whitelisted:
"In relation to software whitelist submission 4118634.
We have added this version of the software to our whitelist.
Whitelisting is file specific. A new version of your software may have new files and thus new versions of the files would not be known to us. This could result in a false positive occurring on the new files.
In order to mitigate this risk, we recommend submitting new versions of your software to us."
But our buildmachine already made a new version of our software, we use nightly builds and deploy as fast as possible to our clients. This new builds is again effected by the virus scanner. So this is not a solution to this problem.
Next advice is to exclude the effected file in Norton/Symantec. This will help on my system and our buildmachine (we already deployed this solution to our systems) . But I don't have acces to the systems of our customers, so now Iwe have tot call all our customers, ask if they use a Symantect product and then find somebody who can change the settings in Norton/Symantec and convince them that our software really isn't a virus...
The problem is that our software contains no virus or other threads, other scanners detects nothing and if I submit the file to https://submit.symantec.com/false_positive/ there is no problem either.
Since yesterday Symantec starts deleting the files at our customers computers using Symantec products. There is no virus, there is no trhread, still Symantect deletes the files and causes big problems for customers and us. I think it makes more sence that Symantec fixes this problem and stop deleting a healthy file.
We build new versions every night, you can't expect us to whitlelist every single version, wich contain no virusses at all, just because Symantic falsly detects there is a virus pressent...
Option 2) Have your software proactively whitelisted
Our software whitelisting program offers software authors and vendors the opportunity to periodically submit software for inclusion in the Symantec whitelist of known good software in order to reduce the possibility of false positives.
Important: The whitelisting program is not for resolving current, in-field false positives.
To prevent false positive detections we strongly recommend that you digitally sign your software with a class 3 digital certificate.
Code signing from a recognized and trusted Certificate Authority provides explicit third-party confirmation of the publisher’s identity.
It also helps ensure the integrity of the application since it indicates that code has not been tampered with since the initial digital signature. Our Symantec whitepaper discusses the topic further and includes details surrounding best practices for digitally signing your software.