Symantec Endpoint Protection Reports Trojan.Gen.SMH

[WordForever]

During the upgrade to theWord 5.0.0.1450 (via theword-setup-binary.exe) on Windows 7 Pro 64-bit, Symantec Endpoint Protection 12.1.4013.4013 (AntiVirus) falsely reported the twrestart.exe as a Trojan.Gen.SMH (see attached screenshots for details). I'm not sure if the "restart.exe" executable core name or the action of restarting the application or something else is causing this false-positive low-risk virus flag, but the default action was to Quarantine twrestart.exe and not restart theWord automatically at the end of the upgrade process. In a world with frequent major computer security breaches this could scare away faint-hearted users from adopting theWord. I stumbled across a Bible Software Reviewer (Jay Guin) who hit the same Trojan.Gen.SMH detection issue and commented about it (along with praise for theWord) at the bottom of this Review page http://oneinjesus.info/2014/10/bible-so ... on-part-2/ Otherwise, my limited use of theWord 5 has all been positive so far and I am deeply impressed at the level of programming effort/fixes, appreciate the transparency of the detailed change list, and I thank you deeply for the gift to the body of Christ of such a wonderful bible application!

[csterg]

The twrestart.exe is a very small file that is used to restart theWord when you install a new module. Obviously it contains no malware of any kind (in fact i could even post the source code for it), yet I have until today no secure mechanism to know how to avoid such false alarms.

I agree that for a novice user all these false alarms are frustrating at least, but i am not really sure how to handle the situation. Maybe the reason for this alarm is because the twrestart.exe is included in the main theword.exe executable as a resource, and AV programs find this peculiar. This AV war is something difficult to keep up with
Costas