08-12-2012 09:27 PM
Dear all,
I rebuilt my application with LV 2011 and try to install the .exe file to Windows 7 machine. But the exe file was considered as Suspicious.Cloud.5 and was removed by Symantec Endpoint Protection? Try to use the Symantec to scan the whole development PC but could not find any virus. Could anyone give me some ideas why it happened and how to fix it?
Thanks very much for your help?
08-12-2012 10:00 PM
Symantec has something wrong with its scanning mechanism and is considering it a false positive. That, or somehow your LabVIEW.exe did get infected by a virus.
Try reinstalling LabVIEW. If Symantec still as issues, then you need to report it to them as a false positive.
08-13-2012 02:13 AM
08-14-2012 09:27 AM
If the file is known to be good, then you can file a false positive report with Symantec Security Response.
08-14-2012 12:44 PM - edited 08-14-2012 12:50 PM
I just ran into a simmilar problem yesterday.
In my case Symantec nails exe's at the end of the build process and quarantines the exe.
Interestingly if I disable Symantec then build the exe, Symantec does not have a problem with the now built exe.
I also reported this to NI and sent a false positive report to Symantec.
We are running Symantec Endpoint Protection 12.1.000.157 RU1
08-14-2012 12:58 PM
My AVG still considers a bunch of labview files as a virus. I also read in couple of more discussions Norton detecting some other labview files as infected. I am not sure if it is just Symentc or AVG problem or a Labview problem. I just know its irritating!
08-14-2012 01:14 PM
It's probably a combination of how LabVIEW builds an executable, by adding the actual compiled VI code to an executable stub, therefore modyfying a file that the virus tools consider already as an executable file and overzealous virus scanners. Modifying an exe file is indeed a common means of viruses and troyans to get themselves installed into a system without having to change the configuration of that PC itself. However it is not a malicious action per se, since many packager tools that create self extracting archives do in fact the same. Requiring NI to do it different is in fact very cumbersome, since that would mean that NI needs to also build the entire startup code from scratch each time, therefore including a C compiler/linker into the LabVIEW application builder, with all the complications of such as to creating it in a valid way for all the possible Windwos variants.
Flagging modifications of an exe stup as virus action automatically is probably a good thing on a consumer machine, but simply inapproapriate on any developer system.Symantec and Co need to get their act together in this and apply extra security checks before concluding that an exe stub modification is always a bad thing.
02-26-2015 03:15 AM
Hello, in my case, it was the name of a TypeDef "GetDataParameter". I renamed it, and it worked!
03-16-2015 11:41 AM
Symantec has also removed my executable (names it as suspicious.cloud.5) when I am in the middle of building it, so I can never complete the build process. I cannot add an exception becaseu my IT departmetn is in control of that. I will have to put in a request. This has happened before on other builds over the last few years. Has there been any progress to prevent this from happening. It is very annoying. I am currently using LabVIEW 2013 SP1.
03-16-2015 02:11 PM
Did you contact symantec? After all, it is their fault!