Norton detect high risk

10 posts / 0 new
Last post
Tammam
Tammam's picture
Norton detect high risk

Norton detect high risk in alfareaderinternal.exe
as below:

Filename: alfareaderinternal.exe
Threat name: Heur.AdvML.BFull Path: d:\program files\alfa.netsoft\alfa ebooks manager\alfareaderinternal.exe

____________________________

____________________________

On computers as of 
7/14/2017 at 12:01:03 AM

Last Used 
7/14/2017 at 12:03:03 AM

Startup Item 
No

Launched 
No

Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.

____________________________

alfareaderinternal.exe Threat name: Heur.AdvML.B
Locate

Few Users
Fewer than 50 users in the Norton Community have used this file.

Mature
This file was released 8 months ago.

High
This file risk is high.

____________________________

Source: External Media

Source File:
alfareaderinternal.exe

____________________________

File Actions

File: d:\program files\alfa.netsoft\alfa ebooks manager\ alfareaderinternal.exe Removed
____________________________

File Thumbprint - SHA:
888e159cd8f4df9873565f2a16e91d8fa12a9bbcb80e02beabb4a5729366da6e
File Thumbprint - MD5:
490584faff23f0f26c9db53823333ac7

admin
admin's picture

Tammam, please add this file to Nortons exceptions
d:\program files\alfa.netsoft\alfa ebooks manager\ alfareaderinternal.exe

It's absolutely safe program

Tammam
Tammam's picture

I cannot do that in such unsafe cyber world
If you think this high risk is safe it will be better if you solve this issue with Norton by reporting it as false positive

Noxcivis
Noxcivis's picture

Tammam wrote:I cannot do that in such unsafe cyber world
If you think this high risk is safe it will be better if you solve this issue with Norton by reporting it as false positive

Once this has been validated with Norton as a false positive I will proceed with a purchase.

Would recommend that https://submit.symantec.com/false_positive submit the exe and post back a formal reply to this thread. I am sure that Alfa.NetSoft are very interested in ending this thread positively and with 100% confidence. A formal response from Symantec (even automated) would be very valuable.

I do have a high level of confidence that the file is safe, based on a https://www.virustotal.com/en/file/aa3dfca6c7f2f2244f80639f0c60b4a69d2e0b57860dbb1e961c20a4bcad47d2/analysis/1500409611/ scan. That being said I think it important that we have more than "It's absolutely safe program". :)

Noxcivis
Noxcivis's picture

For the record, from Symantec...

In relation to submission 41844.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

File name: AlfaReaderInternal.exe
MD5: 974c9a73ce1876026a8202f5f2beec3a
SHA256: aa3dfca6c7f2f2244f80639f0c60b4a69d2e0b57860dbb1e961c20a4bcad47d2
Note: Whitelisting may take up to 24 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info
* SEP: https://support.symantec.com/en_US/endpoint-protection.54619.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor and would like to upload your software for proactive whitelisting, please complete one of the following forms:
* If you are BCS customer: https://submit.symantec.com/whitelist/bcs
* Otherwise: https://submit.symantec.com/whitelist

For more information on best practices to reduce false positives:
http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf

coolhacker
coolhacker's picture

It is safe and I use it. I am an expert in the Cyber security risk field for 12+ years. I would not be using it if I thought otherwise. I posted virustotal.com below too with both scans. Virus scanners can detect something as a false positive on just about anything. Just like a vulernability scanner. This is why you use more than one source. If you have as many books as I do, I think you will love the tool.

admin
admin's picture

Hi, Norton requires certificate that we can't provide yet. So for now we'll be hackers and steal ebooks from every our user

coolhacker
coolhacker's picture

virustotal.com/en/ is the best place to test a file if you think it might have a virus. It uses every virus scanner on the market and gives you a report. These files are clean! I hate false positives, it can hurt a company. It is free and no registration!

Manager:
aemsetup.msi - https://virustotal.com/en/file/b92858ceed14edd3ae97d20cce85f9ce03187b1f68f001b0d6c2488140ddea17/analysis/
setup.exe - https://virustotal.com/en/file/5543308221d91b5f258046c0f0ebffbe464ad53027f6caa7c02738867462c1e3/analysis/1501294856/

Reader:
AlfaReaderSetup.msi - https://virustotal.com/en/file/e12b346b9e04a36ab27ea6c10abbfdb02cb2d625a1cbf95a803fca5dd2a9a713/analysis/
setup.exe - https://virustotal.com/en/file/f2848deb1c7535f862a33194070599c6cdadb18ec0ac8c008fb3fc5dfcb5f669/analysis/

Tammam
Tammam's picture

admin wrote:Hi, Norton requires certificate that we can't provide yet. So for now we'll be hackers and steal ebooks from every our user

it is nothing against you personally , but let us be logical norton detect a file as high risk , should i simply ignore that?
for example before few month one famous IT accounting solutions company in Ukraine was the main reason to the spread of ransomware in the world.
I am reporting this to you and this means i trust you as company and want you to be aware about this issue

admin
admin's picture

Tammam, thank you for your trust and report