I downloaded the Yubico Authenticator app directly from the Yubico site and from the Microsoft Store. In both cases, Norton Security reports a Heur.AdvML.B virus in the authenticator-helper.exe file.
Has anyone else run into this? Thanks!
Thanks
Thanks to your message, I just checked - all good now - no more false positive.
GaryJE:Thanks for your reply and confirming my findings.
R U still seeing False Positive on Yubico Authenticator?
GaryJE:Submission ID is: 4968a3d8-1edd-4e87-92ee-80356dd2defd
@GaryJE ~ Thanks!
Submission ID:
4968a3d8-1edd-4e87-92ee-80356dd2defd
Submission type: False positive
Submission status: We have received your submission and queued it for processing
Submission details: Received
Updated: Thu, 22 Feb 2024 https://submit.norton.com/?type=CHECK&submission_id=4968a3d8-1edd-4e87-92ee-80356dd2defd
Your submission was successful
Submission ID is: f28a454e-4e61-4acd-86c8-20483ca61a8d
Please store this for future reference.
//check submission statusSubmission ID:
f28a454e-4e61-4acd-86c8-20483ca61a8d
Submission type: False positive
Submission status:Your submission is being processed
Submission details: Analyzing (up to 48 hours)
Updated: Thu, 22 Feb 2024 https://submit.norton.com/?type=CHECK&submission_id=f28a454e-4e61-4acd-86c8-20483ca61a8d
Submission ID is: 4968a3d8-1edd-4e87-92ee-80356dd2defd
Will you submit false positive?
5 security vendors and no sandboxes flagged this file as malicious
2469a0de4f5d482e2710c958cb012f16990ec039e7ba2b301a463377faca7bbc
authenticator-helper.exe
Size
5.79 MB
Thanks for your reply and confirming my findings.
Filename: authenticator-helper.exe
Threat name: Heur.AdvML.B
Full Path: C:\Program Files\WindowsApps\YubicoAB.YubicoAuthenticator_6.4.0.0_x64__pjam772p9bs2g\VFS\
ProgramFilesX64\Yubico\Yubico Authenticator\helper\authenticator-helper.exe
On computers as of
2/22/2024
Last Used
2/22/2024
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
authenticator-helper.exeThreat name: Heur.AdvML.B
Many Users
Thousands of users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
Source: External Media
Source File:
authenticator-helper.exe
File Actions
File: C:\Program Files\WindowsApps\YubicoAB.YubicoAuthenticator_6.4.0.0_x64__pjam772p9bs2g\VFS\
ProgramFilesX64\Yubico\Yubico Authenticator\helper\authenticator-helper.exe Removed
File Thumbprint - SHA:
2469a0de4f5d482e2710c958cb012f16990ec039e7ba2b301a463377faca7bbc
File Thumbprint - MD5:
437b0106dcee257648484abd742c8d27
https://www.yubico.com/products/yubico-authenticator/#h-download-yubico-authenticator
```````````````````````````````````````````````````````````````````````
Filename: yubico-authenticator-6.4.0-win64.msi
Full Path: c:\User\Edge\user\current\Desktop\yubico-authenticator-6.4.0-win64.msi
Developers
Yubico AB
Version
Not Available
Identified
2/22/2024
Few Users
Fewer than 100 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
Good
Norton has given this file a good rating.
https: //developers.yubico. com/yubioath-flutter/Releases/yubico-authenticator-6.4.0-win64.msi
Downloaded File from yubico.com
msedge.exe
File Created:
yubico-authenticator-6.4.0-win64.msi
File Thumbprint - SHA:
70e4433a59edb6c9bec68fcadb5059e0e515ae49dd49457b5d883716aac090e6
File Thumbprint - MD5:
478d180557f6f307d2183bf7edfe6e5a
Report a suspected incorrect detection to Norton
https://support.norton.com/sp/en/us/home/current/solutions/v126152382
Submit a file to Norton
https://support.norton.com/sp/en/us/home/current/solutions/kb20090602171902EN
Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious
https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832EN
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.
For second opinion choose File &/or Search hash at VirusTotal