ccristal Posted August 19, 2016

Hi!

I've been using the RS since time immemorial. For the first time, after updating the RS to v1.33.1, the service could not start. After investigating around a bit, I discovered that the problem was due to Symantec Endpoint Protection quarantining the file DVBVservice.exe, as you can see in the screenshot below.

Here's what Symantec says about the virus.

Is this a known issue? Are you planning a fix?

Thank you!
ccristal

iks-jott Posted August 19, 2016

Hello ccristal,

you're not the first user.

http://www.DVBViewer.tv/forum/topic/58539-trojan-virus/?hl=virus
http://www.DVBViewer.tv/forum/topic/58311-windows-defender-does-not-like-recording-service/?hl=virus#entry448228

ccristal Posted August 19, 2016

That means it's a real issue, and should be fixed, false positive or not.

Griga Posted August 19, 2016

I've asked Christian and he confirmed that this announcement also applies to the Recording Service 1.33.1 (somehow it was forgotten). The signed binaries should be more acceptable for security software. So if you don't have the signed version yet, please download again and re-install...

ccristal Posted August 19, 2016

I don't understand... I downloaded the installer just half an hour before writing my post. So I already have the signed version.

Symantec Endpoint Protection does not complain about the RS Installer. The installation terminates regularly, except for the fact that DVBVservice.exe gets instantly deleted.

Edited August 19, 2016 by ccristal

Griga Posted August 19, 2016

I think this has to be fixed by Symantec. We already have done what we could do to make the Recording Service more trustworthy. AFAIK Christian has spent some money for it. It would be good if you could send a "false positive" report to Symantec.

ccristal Posted August 19, 2016

Done.

> CONFIRMATION
> Your submission has been sent Fri Aug 19 12:22:57 PDT 2016.
> To make another submission, click here.
> Sincerely,
> Symantec Security Response

Griga Posted August 19, 2016

Thanks. Let's hope it will take effect.

Does Symantec Endpoint Protection provide an exclusion list that can be used to fix this issue?

ccristal Posted August 19, 2016

Yes, I've already sorted that out. However, that's a sub-optimal solution, as I'm sure you understand...

Hansrh Posted August 20, 2016

For certain no virus!

I just tested it on Virustotal and only 1 out of 54 virus engines believes that there is a virus in the file (Qihoo-360):

https://www.virustotal.com/sv/file/7047d5bf800bb690ff99a38cdd7df0f91d92263fee53c037f1fdca0db48572b4/analysis/1471667315/

In that test Symantec reports that the file is OK!

/ rogermoor

HaraldL Posted August 20, 2016

> In that test Symantec reports that the file is OK !

But every user has a binary different EXE file because there are user credentials integrated to identify pirated copies. So the same virus scanner could falsely complain about the EXE of one user but not about the EXE of another user. The newly added digital signature should help to verify that the file is legit and the differences don't result from virus infections.

I just checked my personal (and signed) dvbservice.exe at virustotal.com and got 0/55 detection.

Btw, if you send a legit file to virustotal, don't forget to click on the green smiley on top right after scan to say you assume the file is good and not dangerous.

ccristal Posted August 20, 2016

Symantec Endpoint Protection has several detection technologies that can be enabled or disabled, and those might influence whether a virus is detected or not. Not sure which settings Virustotal is using, but that might be why it doesn't detect a virus whereas mine does.

For example, SEP has a feature called "Insight". From their own help:

> Insight allows scans to skip digitally signed files and trusted good files. Some files contain typical vulnerabilities. After those files are scanned initially, subsequent scans can skip the files since vulnerability definitions rarely change. Insight also uses file reputation data to skip trusted files. You can configure the level of trust. If you select Symantec and Community Trusted, scans skip more files (less secure). If you select Symantec Trusted, scans skip fewer files (more secure).

My setting for Insight is "Symantec Trusted". Probably, if I set it to "Symantec and Community Trusted", the file wouldn't be picked up.

Also, SEP's own heuristic virus detection technology, Bloodhound, can be set to "Automatic" or "Aggressive". My setting was "Aggressive". Probably VT uses "Automatic", and that could be why it doesn't flag the file.

Anyway... I've now submitted a false positive report. They will answer in a couple of days. I will report back once I get a reply.

ccristal

ccristal Posted August 20, 2016

Guess what... they replied the moment I hit "Post" on my previous message... :-)

Here's what they wrote:

> In relation to submission [3986980].
> Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:
>
> Filename: DVBVservice.exe
> MD5: 2D922BC6F530CE70CA3355D541BAD922
> SHA256: 2F19C8F89727C5C90335CAEA69B7543448B73FB3864509DFDD18917CAC8FACD9
> Result: Whitelisting for above file is taking effect from now on.

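Added example (not part of the thread, and not DVBViewer's or Symantec's code): a PowerShell check to run before adding an antivirus exclusion, combining the digital-signature point from HaraldL's post with the hash whitelisted in Symantec's reply. The file path and publisher name are placeholders to be filled in; only the SHA256 value comes from the thread.

```powershell
# Added example. -Path and -ExpectedPublisher are placeholders, not values from the thread.
param(
    [Parameter(Mandatory)] [string] $Path,   # full path to your DVBVservice.exe
    [string] $ExpectedPublisher = '<PUBLISHER-NAME-PLACEHOLDER>',
    # SHA256 quoted in Symantec's reply; it identifies that one user's file only,
    # because every user's EXE differs (embedded user credentials).
    [string] $WhitelistedSha256 = '2F19C8F89727C5C90335CAEA69B7543448B73FB3864509DFDD18917CAC8FACD9'
)

# Authenticode check: 'Valid' means the signature chains to a trusted root
# and the file has not changed since it was signed.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
$sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
$md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash

$signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

$result = [pscustomobject]@{
    File             = $Path
    SignatureStatus  = $sig.Status
    Signer           = $signer
    Timestamped      = [bool]$sig.TimeStamperCertificate
    SHA256           = $sha
    MD5              = $md5
    MatchesWhitelist = ($sha -eq $WhitelistedSha256)
    PublisherMatches = ($signer -like "*CN=$ExpectedPublisher*")
}
$result | Format-List

if ($sig.Status -ne 'Valid') {
    # NotSigned, HashMismatch, NotTrusted, ... : the signature gives no assurance here.
    Write-Warning "Signature status is $($sig.Status); do not add an exclusion for this file."
} elseif (-not $result.PublisherMatches) {
    Write-Warning "Signed, but not by the expected publisher: $signer"
} elseif (-not $result.MatchesWhitelist) {
    # Expected for any other user's copy: the whitelist entry is per hash.
    Write-Output 'Valid signature, but the hash differs from the whitelisted one; include this SHA256 in your own false-positive report.'
} else {
    Write-Output 'Valid signature and hash matches the whitelisted file.'
}
```

A hash-based whitelist entry covers exactly one file, so a valid signature from the expected publisher is the check that carries over between users' differing copies.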