Symantec generating a False Positive on Flash Player installer

Symantec generating a False Positive on Flash Player installer
If you are running Symantec antivirus, and trying to install Flash, and the Installer is being flagged as a Trojan Horse, now you know why. Seems there might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse. This isn't a big slight, this happens from time to time, with the thousands and thousands of different types of detection that is done with an antivirus tool, it's actually fairly impressive that this type of thing doesn't happen more often. But it's happened before, and it will happen again. (Remember the Excel file fiasco that McAfee's AV caused?) Symantec is encouraging people that are affected to call Symantec support. I am sure this will be resolved very soon. Seems that the affected Revision is: 2010-01-27 rev 049. I'll update this post when it's corrected. -- Joel Esler \| http://blog.joelesler.net \| http://twitter.com/joelesler	Joel 454 Posts Jan 28th 2010
Thread locked Subscribe	Jan 28th 2010 1 decade ago
Had a couple of calls on this, this morning. My machine isn't effected with Jan 27, 2010 r49.	Anonymous
Quote	Jan 28th 2010 1 decade ago
We had 3 of these this morning. Thanks for the info.	Anonymous
Quote	Jan 28th 2010 1 decade ago
I wonder if it's flagging the actual Adobe Flash Player installer, or the Adobe DLM program that most people are duped into downloading from the Adobe site in order to simply get the Flash Player. Of course the latter tries to install other unwated 'goodies' such as Acrobat Reader, so I think it's only fair to flag it as spyware/malware...	Steven C. 171 Posts
Quote	Jan 28th 2010 1 decade ago
We had the problem here for several machines. It looks like the older Adobe Flash installer version 10.0.22.87 for Firefox is the one being detected as a Trojan Horse. I downloaded this older version from Adobe and it detected it wit hthe 1/27/2010 r49 definitions. I uploaded the installer to Symantec's submission web site in response to a case I had opened and they said it was clean. Rapid Release for 1/28/2010 r7 still detects it. I suspect a definition update that comes out later today will correct it.	Steven C. 3 Posts
Quote	Jan 28th 2010 1 decade ago
I also wanted to note that the current version of Adobe Flash player is 10.0.42.34.	Steven C. 3 Posts
Quote	Jan 28th 2010 1 decade ago
I'll take an occasional false positive, since it's blocking about 6-12 FakeAV install attempts a day in my environment.	Shawn 29 Posts
Quote	Jan 29th 2010 1 decade ago
I've confirmed that the Symantec definitions dated 1/28/2010 revision 25 or later correct this false positive detection.	Shawn 3 Posts
Quote	Jan 29th 2010 1 decade ago