Endpoint Protection

 View Only
  • 1.  Bloodhound.Sonar.9

    Posted Jul 10, 2012 05:43 AM

    Hello,

     

    I am using a tool .NET Reactor from http://www.eziriz.com to obfuscate my .NET EXE application.

    When trying to run my application after obfuscate Symantec recognize my application that it is infected with Bloodhound.Sonar.9 where there is no Virus in my application.

     

    How to solve this problem please?

     

    Kind Regards,

    Asaf



  • 2.  RE: Bloodhound.Sonar.9

    Trusted Advisor
    Posted Jul 10, 2012 05:48 AM

    Hello,

    Bloodhound.Sonar.9 is a heuristic detection for processes based on certain attributes. 

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99

    Files that are detected as Bloodhound.Sonar.9 may be malicious. We suggest that you submit any such files to Symantec Security Response. For instructions on how to do this using Scan and Deliver, read Submit Virus Samples.

    Submitting suspicious files to Symantec allows us to ensure that our protection capabilities keep up with the ever-changing threat landscape. Submitted files are analyzed by Symantec Security Response and, where necessary, updated definitions are immediately distributed through LiveUpdate™ to all Symantec end points. This ensures that other computers nearby are protected from attack. The following resources may help in identifying suspicious files for submission to Symantec.

    Hope that helps!!



  • 3.  RE: Bloodhound.Sonar.9

    Broadcom Employee
    Posted Jul 10, 2012 05:49 AM

    Hi,

    It's a probably false positive.

    Best Practice when Symantec Endpoint Protection or Symantec AntiVirus is Detecting a File that is Believed to be Safe

    http://www.symantec.com/docs/TECH98360

    Restoring a false positive file detection from the Symantec Endpoint Protection quarantine

    http://www.symantec.com/docs/TECH150607

    About managing false positives detected by TruScan proactive threat scans

    http://www.symantec.com/docs/HOWTO27058

    I would also recommend you to submit the Files to the Symantec Security Response Team.

    You would have to Submit the Files to the Symantec Response Team on  the Following Sites:

    https://submit.symantec.com/false_positive/

    https://submit.symantec.com/websubmit/gold.cgi

    http://www.threatexpert.com/submit.aspx

    Note: ThreatExpert is owned by Symantec.

    Check technical details as well:

    http://www.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99&tabid=3



  • 4.  RE: Bloodhound.Sonar.9

    Posted Jul 10, 2012 07:22 AM

    You can add it as an exception:

    Open the GUI

    Change Settings

    Exceptions >> Click Configure Settings

    Add

    SONAR Exception

     



  • 5.  RE: Bloodhound.Sonar.9

    Posted Jul 10, 2012 08:01 AM

    Hi,

    Adding as Exceptions is not an option as my application is going to be published to all of my customers.



  • 6.  RE: Bloodhound.Sonar.9

    Posted Jul 10, 2012 08:09 AM

    What about adding a global exception for all users?

    If not, you will need to follow the links provided above.