DVDFab Forum - DVDFab-64 components reported as threat by Norton Security after 10.0.7.6 update

Announcement

Collapse
No announcement yet.

DVDFab-64 components reported as threat by Norton Security after 10.0.7.6 update

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Software DVDFab-64 components reported as threat by Norton Security after 10.0.7.6 update

    DVDFab components reported as threat by Norton Security after update to DVDFab-64 10.0.7.6. on Jan. 4, 2018

    Today after installing an update that was offered in the usual manner by DVDFab-64 10.0.7.4 to version DVDFab-64 10.0.7.6, Norton Security then removed six (6) components of DVDFab and reported them as being Threat name: WS.Reputation.1.

    Something that I find confusing is after coming to the DVDFab Forum to investigate any reports by other members of virus issues with the new version I didn't find any announcement of the release and availability of version 10.0.7.6.

    Curious is the fact that these components were installed 11/22/2017. I originally installed DVDFab-64 version 10.0.6.8 on 11/22/2017 and updated to version 10.0.7.4 on 12/24/2017. I installed the latest version 10.0.7.6 today on 01/04/2018.

    Upon the first execution of the program immediately following the DVDFab-64 update Norton Security reported threats and removed components of DVDFab-64.

    Here are the details of the program threats removed and reported by Norton Security.

    Threat type: WS.Reputation.1 - Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe.

    Program Name --- Threat Name ------- Date On ----- Last Used -- Norton Users ------- Released ------------------ Risk Level
    record-64.dll---------WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium
    drmremoval.exe----WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium
    fabcore_10bit.exe--WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium
    fabvm.dll--------------WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium
    filemover.exe--------WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium
    fileop.exe-------------WS.Reputation.1 - 11/22/2017 - 01/04/2018 - Fewer than 5 user - Less than 1 week ago - Medium

    I have captured a number a number of screens to illustrate the reports created by Norton Security.

    Note that the source of the files are the version 10.0.7.4 upgrade which had been used without any problem for over a month before the update.
    Click image for larger version  Name:	Record-64.PNG Views:	1 Size:	13.9 KB ID:	347117

    Click image for larger version  Name:	Drmremoval.PNG Views:	1 Size:	23.7 KB ID:	347118

    Click image for larger version  Name:	Fabcore.PNG Views:	1 Size:	23.8 KB ID:	347119

    Click image for larger version  Name:	Fabvm2.PNG Views:	1 Size:	16.1 KB ID:	347120

    Last edited by PandaWanKenobi; 01-04-2018, 09:36 PM.

  • #2
    If you downloaded here it's a false positive. Add as an exception in Norton and inform them of the false positive notice.
    How to post the internal log


    Things should be made as simple as possible, but no simpler.
    Albert Einstein

    Comment


    • #3
      As I said before the update was offered by DVDFab-64 upon start-up.

      Can you tell me why there is no announcement of the update? Was it just offered before the update was announced?

      Also because the messages indicated that the components were from an older version (10.0.7.4) but dating back to version 10.0.6.8, I thought the removed components should have been replaced by new versions of the files depending on what files were actually changed by the updates.

      After the problem occurred and 90312-Senior Moderator advised it was a false positive I tried backing up a DVD using option DVD Copy (Full Disc) before restoring the files and the program appears to be working without any issues which leaves me a bit puzzled about what has really occurred in both the update and the threat detection report because Norton claims to have successfully removed all six (6) components.

      And thank you!
      Last edited by PandaWanKenobi; 01-04-2018, 11:32 PM. Reason: Additional Information added because the program functions normally.

      Comment


      • #4
        i would say it's something on Norton's end.
        are your virus definitions / antivirus program up to date ??

        Comment


        • #5
          Yes Virus Definitions are up to date. Restored, Excluded and Submitted all components to Symantec in false positive reports which is no small task for six (6) files.

          Thing is I'd just yesterday scanned the entire drive.

          Figured out all those components probably weren't used during a DVD Copy (Full Disc) and more likely to be used during a file conversion or other operation.

          That means the report was triggered by the download and install but didn't occur until I was restarting DVDFab10(x64) after the update.

          Also there weren't any other files that I saw that had the 11/22/2017 date.

          After all that kind of reluctant to scan the DVDFab10 program folder and sub-directories but know I have to do it.

          If any other components have issues with the anti-virus scan I'll report it here.
          Last edited by PandaWanKenobi; 01-05-2018, 01:39 AM.

          Comment


          • #6
            This is a false positive. Please try a full download from the published links rather than from within DVDFab. Can't account for the odd behavior of Symantec, try Malwarebytes Pro instead perhaps (although it has false positives as well occasionally).
            Supplying DVDFab Logs in the Forum ...........................User Manual PDF for DVDFab v11................................ Guide: Using Images in Posts

            Comment


            • #7
              Submitted False Positive reports to Symantec (Norton Security) that included uploading copies of the files for analysis and received the following replies:

              In relation to submission(s) 66521 thru 66528

              Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

              File name: record-64.dll
              MD5: ad6045735757cd17fd42672d3057e44b
              SHA256: 2374f1007a34d20eafe9c85f07989a1f5c990f7692a057f93b 65e2768c167c21

              File name: fileop.exe
              MD5: acc97f2bed3000701458e2713cca1837
              SHA256: f6143a0f0e6025de2755b04fc007c425550044c64d0648c3d2 09b04e381ea64e

              File name: drmremoval.exe
              MD5: b0ee59831a3d277e34205b780aa7e938
              SHA256: 4b19dea77923fab1cf737cb1b4377ed9807346d1df3ad5c19e ff009f12c69d0b

              File name: fabcore_10bit.exe
              MD5: ac31a81d33f03be9644efd34901756f6
              SHA256: c55c4160359ab8cd3813883840d629d0131df23769f055f06c 8eb545e1173f21

              File name: filemover.exe
              MD5: efb39f4ffac8fb27b309d460b745be72
              SHA256: 4fd9bd71b0e70e2d7017d576ff90d2cdfbf5f3e6ba6f653133 fdc9856bc3cd6a

              File name: fabvm.dll
              MD5: 76957da90e586578dee05c11f12d9214
              SHA256: 31c1b78510f4593803847f6c1a1348320101e9dcd259717d55 fa970eb02722b8

              Note: Whitelisting may take up to 24 hours to take effect via Live Update

              If detection persists, please contact support.

              Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.


              Sincerely,

              Symantec Security Response
              https://www.symantec.com/security-center

              Comment

              Working...
              X