False Positives

Issue abstract: dealing with false positives

Detailed description: I have a file from a company called Datacolor that Norton insists has a trojan in it. Datacolor insists it’s a false positive, and I agree with them. So how do I tell Norton to leave the file alone? Because despite it saying “repaired” I can’t load it - and when I tried loading into a different directory Norton came along and quarantined it again…

Product & version number: 25.9.10453.953

OS details: Win 11

Hello Chris. First off, where is the file that is being nailed located on your hard drive? If it’s located at C:\Windows or C:\Windows\System32, that is most likely malware trying to install. Software installs will NEVER install in the Windows root, always in Program Files or Program Files (x86).

Does the software include, or is it included in, the “SpyderUtility.exe” setup installer?

SA

Alas, it’s in Program Files (x86)\Datacolor\SpyderPRINT\

The file concerned is DC_SpyderPRINT.dll

So the instant the AV sees it, it’s dead…

It comes from (via a link from Datacolor support) SpyderPRINT_5.5_Setup exe, and the previous version was the same - and they both caused problems.

So I’m toying with uninstalling Norton and going from there. Given I was hit by the Dropbox ‘problem’, I’m getting quite good at the uninstalling of Norton.

C

Have you tried to run the installer in a sandbox via the Windows right click context menu to see if it’s nailed in that scenario? Below is what I see when looking at this installer and its attributes. The main issue I see is the certificate that most certainly is NOT a certificate.

SA

Interesting, I ran it in the sandbox, and it caught the .dll and quarantined it. And got the same file insight you did (different dates obvs). And I ran a full system scan yesterday (it took a while) and no security risks or infected files…

I will have to try uninstalling Norton, although I’m toying with running it on my main PC to see what happens - if I do I’ll report back… All the time I still have to sort out this printer!

Oh, and thanks for your support, it’s appreciated…

C