Issue abstract: A recent Norton AV update is flagging one of our custom DLLs created in Visual Studio 2022 as containing a heuristic virus.
Detailed description: Norton AV is removing a DLL necessary to make our applications work. It’s identified as:
Filename: sevenzip.dll
Threat name: Heur.AdvML.B
Full Path: C:\path\to\our\app\sevenzip.dll
This particular file has been released since April, 2024 and was not being flagged until today. We’ve had several users contact us being unable to get into our applications.
Product & version number: Norton AV
OS details: Windows 10 and 11
What is the error message you are seeing? Our DLL is being deleted from disk, and any attempt to copy it back is being immediately deleted thereafter.
I need to know how to whitelist our DLLs so this does not happen again. Is there a program, a form, something we can digitally sign and submit to prevent this from happening on future changes / releases with our software?
I wonder if there’s a legal recourse for this? The false positives generated on our legitimate software by Norton AV have cost us at least a day of development and support in trying to address our customers affected by their flaw.
Our software is a legitimate C/C++ app written in Visual Studio 2022, compiled with the latest libraries and mitigations. The fact that our code does something that looks like a virus to their one algorithm … it’s just unbelievable they can quarantine a file like that effectively shutting down the entire suite of our apps which use this DLL.
It shouldn’t be that a company like Norton can have such a powerful influence over so many businesses and people’s PCs. If they were to become malicious, for even accidental reasons, their software could completely cripple any infrastructures relying on Norton.
I actually view this as a large security threat now having been a victim of this (as if CrowdStrike wasn’t enough of a cue)!
Community urges developers to create works product folder and exclude same x 2.
Some scenarios this helps…some not.
What engine is flagging your dll? Auto-Protect or Data Protector?
Sorry, all my related content from old Community is Oops.
Is your creation free and publicly available?
Note: Norton may report two detections for the same event.
Auto-Protect. Most of our customers have had the same version of this DLL installed since April and have been using it every day. Something changed last night or this morning and we were getting multiple calls. It didn’t take us long to see they all had Norton AV, and we have a workaround. But, it requires us to devote time/energy to every customer who calls in. It’s very frustrating.
I don’t know which version. I’m not in support; I’m a developer.
The last versions of the apps we released were from earlier this year; the most recent update was April in one of our apps. The other ones were from March, Feb, etc. The DLL has been there this whole time. Nothing changed. It just started getting flagged as a virus and deleted today. It even rated it as a high threat.
I’m thinking a class action lawsuit by people who are impacted by these things. I’m thinking some new federal legislation to modify the terms of whatever governing legal code companies like Norton operate under, altering it so they can be held culpable (even criminally, or at the very least financially responsible) when they generate false positives on something that is legitimate, and their false positive negatively impacts a company financially, or in its reputation, or in some other material way, which this false threat has done to us.
“Norton™ is part of Gen™ - a global company with a family of consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner.”
Terrifying!! How many users and corporations are putting their faith and trust in something that can literally bring them to an absolute halt over a false positive?
This is a truly unhealthy and fragile condition we’re in. I don’t think people realize it yet.
I just received notification that Norton has whitelisted our DLL and with Live Update it will take up to 24 hours for the new virus database to be pushed out.