LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

labview exe was considered as suspicious.cloud.5 and removed by Symantec

Dear all,

 

I rebuilt my application with LV 2011 and try to install the .exe file to Windows 7 machine. But the exe file was considered as Suspicious.Cloud.5 and was removed by Symantec Endpoint Protection? Try to use the Symantec to scan the whole development PC but could not find any virus. Could anyone give me some ideas why it happened and how to fix it?

 

Thanks very much for your help?

0 Kudos
Message 1 of 25
(5,244 Views)

Symantec has something wrong with its scanning mechanism and is considering it a false positive.  That, or somehow your LabVIEW.exe did get infected by a virus.

 

Try reinstalling LabVIEW.  If Symantec still as issues, then you need to report it to them as a false positive.

0 Kudos
Message 2 of 25
(5,241 Views)

Hi PSY_Tech,

  You can even add an exception in symantec to allow your .exe,so your symantec wont block it..

 

 

Regards,

SrikrishnaNF

Regards,
Srikrishna


0 Kudos
Message 3 of 25
(5,233 Views)

If the file is known to be good, then you can file a false positive report with Symantec Security Response.

 

https://submit.symantec.com/false_positive/

0 Kudos
Message 4 of 25
(5,201 Views)

I just ran into a simmilar problem yesterday.

 

In my case Symantec nails exe's at the end of the build process and quarantines the exe.

 

Interestingly if I disable Symantec then build the exe, Symantec does not have a problem with the now built exe.

 

I also reported this to NI and sent a false positive report to Symantec.

 

We are running Symantec Endpoint Protection 12.1.000.157 RU1 

========================
=== Engineer Ambiguously ===
========================
0 Kudos
Message 5 of 25
(5,187 Views)

My AVG still considers a bunch of labview files as a virus. I also read in couple of more discussions Norton detecting some other labview files as infected. I am not sure if it is just Symentc or AVG problem or a Labview problem. I just know its irritating!Smiley Frustrated



------------------------------------------------------------------------------------------------------
Kudos are (always) welcome for the good post. 🙂
0 Kudos
Message 6 of 25
(5,178 Views)

It's probably a combination of how LabVIEW builds an executable, by adding the actual compiled VI code to an executable stub, therefore modyfying a file that the virus tools consider already as an executable file and overzealous virus scanners. Modifying an exe file is indeed a common means of viruses and troyans to get themselves installed into a system without having to change the configuration of that PC itself. However it is not a malicious action per se, since many packager tools that create self extracting archives do in fact the same. Requiring NI to do it different is in fact very cumbersome, since that would mean that NI needs to also build the entire startup code from scratch each time, therefore including a C compiler/linker into the LabVIEW application builder, with all the complications of such as to creating it in a valid way for all the possible Windwos variants.

 

Flagging modifications of an exe stup as virus action automatically is probably a good thing on a consumer machine, but simply inapproapriate on any developer system.Symantec and Co need to get their act together in this and apply extra security checks before concluding that an exe stub modification is always a bad thing.

Rolf Kalbermatter
DEMO, TU Delft
My Blog
Message 7 of 25
(5,173 Views)

Hello, in my case, it was the name of a TypeDef "GetDataParameter". I renamed it, and it worked!

0 Kudos
Message 8 of 25
(4,104 Views)

Symantec has also removed my executable (names it as suspicious.cloud.5) when I am in the middle of building it, so I can never complete the build process.  I cannot add an exception becaseu my IT departmetn is in control of that.  I will have to put in a request.  This has happened before on other builds over the last few years.  Has there been any progress to prevent this from happening.  It is very annoying.  I am currently using LabVIEW 2013 SP1.

0 Kudos
Message 9 of 25
(4,010 Views)

Did you contact symantec? After all, it is their fault!

0 Kudos
Message 10 of 25
(3,997 Views)