|
If you are running Symantec antivirus, and trying to install Flash, and the Installer is being flagged as a Trojan Horse, now you know why. Seems there might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse. This isn't a big slight, this happens from time to time, with the thousands and thousands of different types of detection that is done with an antivirus tool, it's actually fairly impressive that this type of thing doesn't happen more often. But it's happened before, and it will happen again. (Remember the Excel file fiasco that McAfee's AV caused?) Symantec is encouraging people that are affected to call Symantec support. I am sure this will be resolved very soon. Seems that the affected Revision is: 2010-01-27 rev 049. I'll update this post when it's corrected. -- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler |
Joel 454 Posts ISC Handler |
| Reply Subscribe |
Jan 28th 2010 9 years ago |
|
Had a couple of calls on this, this morning. My machine isn't effected with Jan 27, 2010 r49.
|
Anonymous |
| Reply Quote |
Jan 28th 2010 9 years ago |
|
We had 3 of these this morning. Thanks for the info.
|
Anonymous |
| Reply Quote |
Jan 28th 2010 9 years ago |
|
I wonder if it's flagging the actual Adobe Flash Player installer, or the Adobe DLM program that most people are duped into downloading from the Adobe site in order to simply get the Flash Player. Of course the latter tries to install other unwated 'goodies' such as Acrobat Reader, so I think it's only fair to flag it as spyware/malware...
|
Steven C. 171 Posts |
| Reply Quote |
Jan 28th 2010 9 years ago |
|
We had the problem here for several machines. It looks like the older Adobe Flash installer version 10.0.22.87 for Firefox is the one being detected as a Trojan Horse. I downloaded this older version from Adobe and it detected it wit hthe 1/27/2010 r49 definitions. I uploaded the installer to Symantec's submission web site in response to a case I had opened and they said it was clean. Rapid Release for 1/28/2010 r7 still detects it. I suspect a definition update that comes out later today will correct it.
|
Steven C. 3 Posts |
| Reply Quote |
Jan 28th 2010 9 years ago |
|
I also wanted to note that the current version of Adobe Flash player is 10.0.42.34.
|
Steven C. 3 Posts |
| Reply Quote |
Jan 28th 2010 9 years ago |
|
I'll take an occasional false positive, since it's blocking about 6-12 FakeAV install attempts a day in my environment.
|
Shawn 29 Posts |
| Reply Quote |
Jan 29th 2010 9 years ago |
|
I've confirmed that the Symantec definitions dated 1/28/2010 revision 25 or later correct this false positive detection.
|
Shawn 3 Posts |
| Reply Quote |
Jan 29th 2010 9 years ago |
Sign Up for Free or Log In to start participating in the conversation!
