Index General Support requests Feature requests Content requests Bug reports Misc issues Tips & tricks How to... Notices

Symantec was notified about icomancer being a "false positive"... (Notices)

by acaballero @, Wednesday, July 11, 2012, 20:25 (3985 days ago)
edited by acaballero, Wednesday, July 11, 2012, 23:04

Thanks to a BitsDuJour user that posted a comment on icomancer's profile on BitsDuJour, we've sent a notification to Symantec stating that icomancer is a false positive, so their Norton antivirus products don't report it as a threat.

Plain response follows:

From: FalsePositives{at}symantec{.}com
To: acaballero{at}lavasoftworks{.}com
Subject: False Positive Submission
Date: Wed, 11 Jul 2012 17:54:52 -0700 (PDT)

This is an automated message. Please, do not reply to this email.

We would like to inform you that your submission has been received successfully by Symantec Security Response and a tracking number has been created for it.

The incident number for your submission is: 2852099


Detection occured: INSTALL

Usign product: UNKNOWN

Type of detection: UNKNOWN

Customer name: Alejandro Caballero (acaballero{at}lavasoftworks{.}com)

Name of detection given by Symantec product:

File uploaded:

Virus Total URL:

MD5 or SHA256 from the customer:

Customer's notes:
Ive received a report from a potential buyer of my app that her Norton
antivirus -dont know distro or version- not allowed her to install my
My app is built using Visual Basic Express 2010 I cant sign it
with a certificate and the installer package cant also be signed
because I dont have the tools to do it properly mainly because my
application is made of open source and free development tools.

cant upload the referenced installer package here because it weights
about 100MB.

So I urge you to analyze my installing packages so
your products dont scare my potential customers.

Direct download
links can be found at



Symantec Security Response

And here's the answer:

Date: Wed, 11 Jul 2012 22:26:35 -0700 (PDT)
From: Symantec FP Incident Response <falsepositives{@}symantec{.}com>
To: acaballero{@}lavasoftworks{.}com
Subject: Dispute Submission [2852099]

We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your software being detected by Symantec Software. In light of further investigation and analysis Symantec is happy to remove this detection from within its products.

The updated detection will be distributed in the next set of virus definitions, available daily, or weekly via LiveUpdate, depending on Symantec product version, or daily from our website at

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, Symantec offers the possibility of adding your software to its database of known clean files in order to reduce the possibility of false positives. If you wish to participate in this program, please complete the following form.


Symantec Security Response

This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

timestamp: 1342071125

symantec, norton, virus, threat

Complete thread:

 RSS Feed of thread

powered by my little forum