Showing results for 
Search instead for 
Did you mean: 

labview exe was considered as and removed by Symantec

Dear all,


I rebuilt my application with LV 2011 and try to install the .exe file to Windows 7 machine. But the exe file was considered as Suspicious.Cloud.5 and was removed by Symantec Endpoint Protection? Try to use the Symantec to scan the whole development PC but could not find any virus. Could anyone give me some ideas why it happened and how to fix it?


Thanks very much for your help?

0 Kudos
Message 1 of 25

Symantec has something wrong with its scanning mechanism and is considering it a false positive.  That, or somehow your LabVIEW.exe did get infected by a virus.


Try reinstalling LabVIEW.  If Symantec still as issues, then you need to report it to them as a false positive.

0 Kudos
Message 2 of 25

Hi PSY_Tech,

  You can even add an exception in symantec to allow your .exe,so your symantec wont block it..






0 Kudos
Message 3 of 25

If the file is known to be good, then you can file a false positive report with Symantec Security Response.

0 Kudos
Message 4 of 25

I just ran into a simmilar problem yesterday.


In my case Symantec nails exe's at the end of the build process and quarantines the exe.


Interestingly if I disable Symantec then build the exe, Symantec does not have a problem with the now built exe.


I also reported this to NI and sent a false positive report to Symantec.


We are running Symantec Endpoint Protection RU1 

=== Engineer Ambiguously ===
0 Kudos
Message 5 of 25

My AVG still considers a bunch of labview files as a virus. I also read in couple of more discussions Norton detecting some other labview files as infected. I am not sure if it is just Symentc or AVG problem or a Labview problem. I just know its irritating!Smiley Frustrated

Kudos are (always) welcome for the good post. 🙂
0 Kudos
Message 6 of 25

It's probably a combination of how LabVIEW builds an executable, by adding the actual compiled VI code to an executable stub, therefore modyfying a file that the virus tools consider already as an executable file and overzealous virus scanners. Modifying an exe file is indeed a common means of viruses and troyans to get themselves installed into a system without having to change the configuration of that PC itself. However it is not a malicious action per se, since many packager tools that create self extracting archives do in fact the same. Requiring NI to do it different is in fact very cumbersome, since that would mean that NI needs to also build the entire startup code from scratch each time, therefore including a C compiler/linker into the LabVIEW application builder, with all the complications of such as to creating it in a valid way for all the possible Windwos variants.


Flagging modifications of an exe stup as virus action automatically is probably a good thing on a consumer machine, but simply inapproapriate on any developer system.Symantec and Co need to get their act together in this and apply extra security checks before concluding that an exe stub modification is always a bad thing.

Rolf Kalbermatter
DEMO, TU Delft
My Blog
Message 7 of 25

Hello, in my case, it was the name of a TypeDef "GetDataParameter". I renamed it, and it worked!

0 Kudos
Message 8 of 25

Symantec has also removed my executable (names it as when I am in the middle of building it, so I can never complete the build process.  I cannot add an exception becaseu my IT departmetn is in control of that.  I will have to put in a request.  This has happened before on other builds over the last few years.  Has there been any progress to prevent this from happening.  It is very annoying.  I am currently using LabVIEW 2013 SP1.

0 Kudos
Message 9 of 25

Did you contact symantec? After all, it is their fault!

0 Kudos
Message 10 of 25