Suspicious.Cloud?



NewsArchive
05-15-2013, 01:32 AM
I downloaded DMC gold, and at least Norton 360 did not complain about
the download installer file as it often did in the past. However,
when I ran it, it complained about a threat called "Suspicious.Cloud".
It's related to a file created in my temp directory called
~sb723f.tmp, so it may be related to SetupBuilder. Here's the full
report from Norton:


Discovered:
August 31, 2009
Updated:
March 13, 2013 7:26:11 PM
Type:
Other
Systems Affected:
Windows 2000, Windows NT, Windows Server 2003, Windows Server
2008, Windows Vista, Windows XP

Suspicious.Cloud is a detection technology designed to detect entirely
new malware threats without traditional signatures. This technology is
aimed at detecting malicious software that has been intentionally
mutated or morphed by attackers.

Antivirus Protection Dates

Initial Rapid Release version September 1, 2009 revision 002
Latest Rapid Release version September 1, 2009 revision 002
Initial Daily Certified version September 1, 2009 revision 006
Latest Daily Certified version September 1, 2009 revision 006
Initial Weekly Certified release date September 2, 2009

Threat Assessment
Wild

Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy

Damage

Damage Level: Low

Distribution

Distribution Level: Low


Mike Hanson

NewsArchive
05-15-2013, 01:32 AM
Thanks for reporting this Mike

We will see tomorrow if Friedrich has an idea of what this could be ....

--
JP
_______________________________________________________

For those who do not understand ... : "Qui bene amat bene castigat."
_______________________________________________________

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com

NewsArchive
05-15-2013, 01:33 AM
Hi JP,

> Thanks for reporting this Mike
>
> We will see tomorrow if Friedrich has an idea of what this could be ....

It's a typical false-positive on your setup. Report the bug to the
anti-virus / anti-spyware vendor so they can fix it ASAP ;-)

http://www.lindersoft.com/forums/showthread.php?t=38459

Friedrich

NewsArchive
05-15-2013, 01:33 AM
BTW, this assumes that you are using SetupBuilder 8 to compile your setups and
that Mike has an up-to-date Symantec product and definition update. Feel
free to mention the following to the Symantec "experts" <g>

False Positive Submission [3147335] -- Suspicious.Cloud.5.D

---

From: Symantec FP Incident Response [mailto:falsepositives@symantec.com]
Sent: Monday, April 15, 2013 9:36 PM
Subject: [No Reply] False Positive Submission [3147335]

In relation to submission [3147335].

Upon further analysis and investigation we have verified your submission and
as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus
definitions, available via LiveUpdate or from our website at
http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the
Software are made over time or as classification criteria and/or the policy
employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form:
https://submit.symantec.com/whitelist


Sincerely,
Symantec Security Response

---

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

--Helping You Build Better Installations
--SetupBuilder "point. click. ship"
--Create Windows 8 ready installations in minutes
--Official Comodo Code Signing and SSL Certificate Partner

NewsArchive
05-15-2013, 01:33 AM
Thanks, Friedrich

I'll leave this one to Mike to report.

--
JP
_______________________________________________________

For those who do not understand ... : "Qui bene amat bene castigat."
_______________________________________________________

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com

NewsArchive
05-15-2013, 01:34 AM
What are the odds/probability of finding a small set of bytes which
match the "signature" of a known virus?

AV companies in effect give virus writers a list of what the AV
software is looking for with every definition update. That's clever...
not!<g>

Richard Rose

NewsArchive
05-15-2013, 01:36 AM
> What are the odds/probability of finding a small set of bytes
> which match the "signature" of a known virus?
>
> AV companies in effect give virus writers a list of what the
> AV software is looking for with every definition update. That's
> clever... not!<g>

<BG> :)

Friedrich

NewsArchive
05-15-2013, 02:11 AM
And this is so funny, IMO:

---
Upon further analysis and investigation we have verified your submission
and as such this detection will be removed from our products.
....
Decisions made by Symantec are subject to change...
---

All this is a perfect candidate for an endless LOOP <g>

Friedrich

NewsArchive
05-15-2013, 08:46 AM
Like telling someone to piss in the corner of a round room.

--

Russ Eggen
RADFusion International, LLC

NewsArchive
05-15-2013, 08:47 AM
>
> Like telling someone to piss in the corner of a round room.
>

Hehehehehe :)

Friedrich

NewsArchive
05-15-2013, 08:48 AM
Shall do.

Mike Hanson
www.boxsoft.net

NewsArchive
05-16-2013, 12:38 AM
Done.

Mike Hanson
www.boxsoft.net

NewsArchive
05-16-2013, 12:38 AM
Thanks

--
JP
_______________________________________________________

For those who do not understand ... : "Qui bene amat bene castigat."
_______________________________________________________

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com

NewsArchive
05-16-2013, 12:39 AM
Hi Richard,

> What are the odds/probability of finding a small set of bytes which
> match the "signature" of a known virus?
>
> AV companies in effect give virus writers a list of what the AV
> software is looking for with every definition update. Thats clever...
> not!<g>

20 years ago my virus program (don't remember what it was) found a virus in
an image that I had just scanned. It was an obvious false positive since
nothing else was infected, just that one bmp file. Ever since then, I've
always been a bit suspicious of anti-virus programs. If you look for an
unlikely combination of 100 bytes you _will_ end up finding it somewhere ;)

Best regards,

--
Arnór Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com
Icetips product subscriptions at http://www.icetips.com/subscribe.php
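
Richard's question about the odds of a short byte sequence matching a known signature, and Arnór's remark about an unlikely 100-byte combination, can both be put into numbers. The following is an added example written for this thread; it is not code from any of the posters, from SetupBuilder or from Symantec. It models scanned data as uniform random bytes (an assumption: real files share headers and library code, so structured content collides more often than this model predicts), and the corpus sizes and signature lengths it uses are constructed illustrations, not figures from the thread. It computes the expected number of chance matches for a fixed k-byte signature over T bytes of data, the Poisson estimate of seeing at least one, and checks the formula against a seeded simulation for a 2-byte pattern.

```python
"""Chance-match estimates for fixed byte signatures.

Model: every alignment of a k-byte signature inside T bytes of uniform
random data matches with probability 256**-k, and there are T - k + 1
alignments, so the expected number of chance matches is
(T - k + 1) / 256**k. Short signatures over large corpora therefore
produce false positives; long ones essentially never do in random data.
"""
import math
import random


def expected_chance_matches(total_bytes: int, sig_len: int) -> float:
    """Expected count of positions where a specific sig_len-byte pattern
    appears by chance in total_bytes of uniform random data."""
    if sig_len <= 0 or total_bytes < sig_len:
        return 0.0
    positions = total_bytes - sig_len + 1
    # Work in logs so 256**100 neither overflows nor collapses to 0.
    return math.exp(math.log(positions) - sig_len * math.log(256))


def probability_at_least_one(total_bytes: int, sig_len: int) -> float:
    """P(at least one chance match), Poisson approximation 1 - exp(-mean).
    Accurate when matches are rare and positions are nearly independent."""
    return 1.0 - math.exp(-expected_chance_matches(total_bytes, sig_len))


def count_matches(data: bytes, sig: bytes) -> int:
    """Count overlapping occurrences of sig in data using bytes.find."""
    count, i = 0, data.find(sig)
    while i != -1:
        count += 1
        i = data.find(sig, i + 1)
    return count


def simulate(total_bytes: int, sig: bytes, seed: int = 1) -> int:
    """Occurrences of sig in total_bytes of seeded pseudorandom data
    (constructed input), for comparison with expected_chance_matches()."""
    rng = random.Random(seed)
    data = rng.getrandbits(8 * total_bytes).to_bytes(total_bytes, "little")
    return count_matches(data, sig)


def fp_table(total_bytes: int, sig_lens) -> dict:
    """Expected chance matches for several signature lengths over one corpus."""
    return {k: expected_chance_matches(total_bytes, k) for k in sig_lens}


if __name__ == "__main__":
    corpus = 10**12  # constructed: one terabyte of scanned files
    for k, mean in fp_table(corpus, (2, 4, 8, 16, 100)).items():
        print(f"{k:3d}-byte signature over 1 TB: expected chance matches "
              f"{mean:.3g}, P(>=1) = {probability_at_least_one(corpus, k):.3g}")
    # Sanity-check the formula on a 4 MB random buffer with a 2-byte pattern
    # (b"MZ", the PE header magic, chosen as a realistic short pattern).
    size = 4_000_000
    print("simulated 'MZ' hits:", simulate(size, b"MZ"),
          "expected:", round(expected_chance_matches(size, 2), 2))
```

The table makes the trade-off behind definition updates visible: a 4-byte pattern over a terabyte of files is expected to fire a few hundred times by chance, while a 100-byte pattern has a negligible chance of a random collision, which is why vendors lengthen or add context to signatures when a false-positive report like the one in this thread comes in, and why real collisions usually come from shared, non-random content (runtime stubs, installer engines) rather than from bad luck.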

NewsArchive
05-16-2013, 04:37 AM
....and verified by Symantec as a false positive. That was fast!

Mike Hanson
www.boxsoft.net

NewsArchive
05-16-2013, 04:37 AM
>
> ....and verified by Symantec as a false positive. That was fast!
>

Wow! Thanks for the update.

Friedrich

NewsArchive
05-16-2013, 06:47 AM
Thanks Mike - they ARE fast!

--
JP
_______________________________________________________

For those who do not understand ... : "Qui bene amat bene castigat."
_______________________________________________________

DMC - Data Management Center : a tool to let you Migrate Import Export
Transfer your Data
www.dmc-fr.com