theWord
https://forum.theword.net/

Symantec Endpoint Protection Reports Trojan.Gen.SMH
https://forum.theword.net/viewtopic.php?f=8&t=6624

Author:  WordForever [ Sat Jul 11, 2015 12:28 pm ]
Post subject:  Symantec Endpoint Protection Reports Trojan.Gen.SMH

During the upgrade to theWord 5.0.0.1450 (via theword-setup-binary.exe) on Windows 7 Pro 64-bit, Symantec Endpoint Protection 12.1.4013.4013 (AntiVirus) falsely reported twrestart.exe as a Trojan.Gen.SMH (see attached screenshots for details). I'm not sure if the "restart.exe" executable core name or the action of restarting the application or something else is causing this false-positive low-risk virus flag, but the default action was to Quarantine twrestart.exe and not restart theWord automatically at the end of the upgrade process.

In a world with frequent major computer security breaches, this could scare away faint-hearted users from adopting theWord. I stumbled across a Bible software reviewer (Jay Guin) who hit the same Trojan.Gen.SMH detection issue and commented about it (along with praise for theWord) at the bottom of this review page: http://oneinjesus.info/2014/10/bible-so ... on-part-2/

Otherwise, my limited use of theWord 5 has all been positive so far and I am deeply impressed at the level of programming effort/fixes, appreciate the transparency of the detailed change list, and I thank you deeply for the gift to the body of Christ of such a wonderful Bible application!

Attachments:
theWord_False_Trojan.jpg [ 88.95 KiB ]
Trojan_Gen_SMH.jpg [ 96.67 KiB ]

Author:  csterg [ Thu Jul 23, 2015 8:48 am ]
Post subject:  Re: Symantec Endpoint Protection Reports Trojan.Gen.SMH

The twrestart.exe is a very small file that is used to restart theWord when you install a new module. Obviously it contains no malware of any kind (in fact I could even post the source code for it), yet I have until today no secure mechanism to know how to avoid such false alarms.

I agree that for a novice user all these false alarms are frustrating at least, but I am not really sure how to handle the situation. Maybe the reason for this alarm is because the twrestart.exe is included in the main theword.exe executable as a resource, and AV programs find this peculiar. This AV war is something difficult to keep up with.
Costas

All times are UTC + 2 hours