Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: InfoSec Handlers Diary Blog - Bad Symantec Virus Defintions Update InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Bad Symantec Virus Defintions Update

Published: 2009-03-27
Last Updated: 2009-03-27 19:31:49 UTC
by David Goldsmith (Version: 1)
0 comment(s)

We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products.  The March 26, 2007 rev 7 definitions appear to be the cause of the issue.  The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

There is also a thread about this issue on Symantec's forum today.

If you upgrade your signatures to revision 67 or later, or use the Rapid Release definitions whose sequence number is 93430 or higher, the problem appears to have been resolved.

 

Keywords:
0 comment(s)
Diary Archives