Hi everyone,
I have developed an .exe file and then put it on a shared network (a NAS).
I then installed Symantec Protection Engine 7.9. After the first scan, the .exe file was blocked:
An infection has been found
Date/time of event = 2018-06-15 09:52:13 Event Severity Level = Warning Scan Rule = Repair or delete Threats URL = 10.XXX.XXX.XXX/*****.exe File name = *****.exe File status = BLOCKED Component name = ****.exe Component disposition = INFECTED Virus name = Heur.AdvML.C Virus ID = 4294779570 Virus definitions = 20180614.007 Client IP = 10.XXX.XXX.XXX Scan Duration (sec) = 7.751 Connect Duration (sec) = 7.767 Symantec Protection Engine IP address = 10.XXX.XXX.XXX Symantec Protection Engine Port number = 1344 Uptime (in seconds) = 104 Uber Category = Malware,Advanced Heuristic Sub Category Name = Heuristic Virus Sub Category ID = 3 Sub Category Description = Detection of a threat based on malware heuristics.
Cumulative Risk Rating = High
Performance impact = High
Privacy impact = High
Ease of removal = High
Stealth = High
So I added that file to the exclusion list in the filtering.xml file with this command line:
c:\Program Files\Symantec\Scan Engine>java -jar xmlmodifier.jar -b "/filtering/FileAttribute/DenyFilePaths/items" "c:\exclusion.txt" filtering.xml
where the exclusion.txt file contains the full path and the name of the file.
I got a Java error "java.lang.NullPointerException", but the line was added to the filtering.xml file:
<FileAttribute>
  <FileNamesEnabled value="false"/>
  <DeleteFileNames value="false"/>
  <FileSizeScanThreshold value="0"/>
  <DenyFileNames>
    <items>
    </items>
  </DenyFileNames>
  <FileTypeFilteringEnabled value="false"/>
  <DenyFileTypes>
    <items>
    </items>
  </DenyFileTypes>
  <DenyFilePaths>
    <items>
      <item value="\\10.XXX.XXX.XXX\downloads\PDT\******.exe"/>
    </items>
  </DenyFilePaths>
.
.
After restarting the symcscan service, the file is still blocked! Any help, please!
Thanks.