Re: [cat-users] [Ticket#10178308] Symantec Endpoint Security reports virus in Eduroam Installer


  • From: Stefan Winter <stefan.winter AT restena.lu>
  • To: Wireless <wireless AT unibe.ch>, A.L.M.Buxey AT lboro.ac.uk
  • Cc: cat-users AT geant.net, mobile AT switch.ch, philipp.tobler AT id.unibe.ch, fabian.mauchle AT switch.ch
  • Subject: Re: [cat-users] [Ticket#10178308] Symantec Endpoint Security reports virus in Eduroam Installer
  • Date: Tue, 09 Sep 2014 08:23:00 +0200
  • List-archive: <http://mail.geant.net/pipermail/cat-users/>
  • List-id: "The mailing list for users of the eduroam Configuration Assistant Tool \(CAT\)" <cat-users.geant.net>
  • Openpgp: id=8A39DC66; url=http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Hi,

> are there any plans (by you or AV manufacturers) to fix this? It’s a
> pain if all or at least many Windows users have to open CMD and enter
> commands by hand to get eduroam running.

Neither the word "all" nor "many" really applies here. Symantec is the one
major vendor who mis-classifies the installers (and then it appears that
it only does that "sometimes"). It's also the same vendor which
"secures" the system by breaking the EAP method registry in Windows on
some versions so that API calls which are working on
non-Symantec-protected machines silently fail.

There is little we can do about broken third-party software: we reported
bugs against Symantec Endpoint Protection, but the manufacturer's
responsiveness is comparable to that of a black hole.

All those matches are based on heuristics; it's not possible to avoid
false positives completely because the installers need to do their work
in the end. The setEAPCred.exe which Symantec is jumping on
a) modifies the registry (it pushes the password into the corresponding
place in the registry)
b) was built using a generic software construction framework

Symantec thinks that this is enough to call it a virus.

To be honest, the best thing I can suggest is to look at the AV market
and consider competing products.

> BTW, I found the following information apparently related to the issue:
> https://www.virustotal.com/de/file/c5999f7b7510ba7c49255dbb0a9ef66d31de1245778b3937294eaee3ea478fdc/analysis/

Yes, we regularly use virustotal to assess whether a positive is an
odd-one-out from only one or few exotic AV vendors or if there maybe is
a real issue. As you can see in the report above, that was one of the
false positive cases. There are no real issues in the generated installers.

Greetings,

Stefan Winter

>
> Best regards,
> Philipp Tobler
> ____________________________________
> Universität Bern
> Informatikdienste
> Gruppe Infrastruktur
>
> Philipp Tobler
> Wireless Support
>
> Gesellschaftsstrasse 6
> CH-3012 Bern
> Tel. +41 (0)31 631 49 99
> Fax +41 (0)31 631 38 65
>
> mailto:
> wireless AT unibe.ch
> http://wireless.unibe.ch/
>
> Do you know eduroam? See http://eduroam.unibe.ch/
> ____________________________________
>
> On 08.09.2014 11:39, wrote:
> Hi,
>
>> I've got a report from University of Berne that Symantec Endpoint
> Security reports virus in Eduroam Installer on Windows 8.1.
>> See screenshots in attached mail (sorry, the mail is originally in
> German).
>
> This has already been reported a couple of times some time back. It's a
> false positive, and
> that Symantec package has caused the CAT issues in the past, e.g.
> http://mail.geant.net/pipermail/cat-users/2013-April/000071.html
>
>
> alan


--
Stefan WINTER
Research Engineer
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
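The triage Stefan describes above (check the VirusTotal report for the exact binary you hold, then decide whether a hit is an odd-one-out from one or two engines or a broad consensus worth investigating) as an added example. This is not code from the CAT project or from anyone in the thread; the report below is constructed in the shape of VirusTotal's older v2 file-report JSON, and its vendor names and verdict strings are illustrative, not the real scan results behind the URL quoted in the mail. The odd-one-out threshold of two engines is an assumption.

```python
"""Triage an AV positive on a downloaded installer.

Two checks a practitioner wants before trusting any verdict:
  1. the report is about the same bytes you have (compare SHA-256 with the
     hash embedded in the VirusTotal URL / report);
  2. how many engines actually flag it, recounted from the per-engine
     results rather than trusted from the 'positives' field.

Constructed example; SAMPLE_REPORT is NOT real scan data.
"""
import hashlib
import json
import re

# The SHA-256 that appears in the VirusTotal URL quoted in the thread.
VT_URL = ("https://www.virustotal.com/de/file/"
          "c5999f7b7510ba7c49255dbb0a9ef66d31de1245778b3937294eaee3ea478fdc"
          "/analysis/")

# Constructed report (assumed shape: sha256, positives, total,
# scans{vendor: {detected, result}}). Vendors and results are illustrative.
SAMPLE_REPORT = {
    "sha256": "c5999f7b7510ba7c49255dbb0a9ef66d31de1245778b3937294eaee3ea478fdc",
    "positives": 1,
    "total": 5,
    "scans": {
        "Symantec":   {"detected": True,  "result": "Heuristic.Generic (illustrative)"},
        "Microsoft":  {"detected": False, "result": None},
        "Kaspersky":  {"detected": False, "result": None},
        "ESET-NOD32": {"detected": False, "result": None},
        "Avira":      {"detected": False, "result": None},
    },
}

_HASH_IN_URL = re.compile(r"/file/([0-9a-fA-F]{64})/")


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_from_vt_url(url: str) -> str:
    """Pull the SHA-256 out of a VirusTotal file URL; raise if there is none."""
    m = _HASH_IN_URL.search(url)
    if not m:
        raise ValueError("no 64-hex SHA-256 in URL: %r" % url)
    return m.group(1).lower()


def same_binary(local_digest: str, report: dict) -> bool:
    """A report only tells you something if it is about the file you hold."""
    return local_digest.lower() == report["sha256"].lower()


def triage(report: dict, odd_one_out_max: int = 2) -> dict:
    """Classify a report by how many engines actually flag the file.

    Detections are recounted from the per-engine entries; whether that
    agrees with the report's own 'positives' field is returned too, so a
    truncated or edited report is noticed instead of silently trusted.
    """
    scans = report.get("scans", {})
    flagging = sorted(v for v, r in scans.items() if r.get("detected"))
    if not flagging:
        verdict = "clean"
    elif len(flagging) <= odd_one_out_max:
        verdict = "odd-one-out: likely false positive"
    else:
        verdict = "multiple engines: investigate"
    return {
        "positives": len(flagging),
        "total": len(scans),
        "flagging_vendors": flagging,
        "verdict": verdict,
        "positives_field_consistent": report.get("positives") == len(flagging),
    }


if __name__ == "__main__":
    # With a real download you would use sha256_of_file("eduroam-installer.exe").
    print("report is about the file in the URL:",
          same_binary(hash_from_vt_url(VT_URL), SAMPLE_REPORT))
    print(json.dumps(triage(SAMPLE_REPORT), indent=2))
```

On a real installer, replace the hash comparison with `sha256_of_file()` on the downloaded binary and feed the JSON you fetched from VirusTotal to `triage()`; a single flagging engine out of dozens is the "odd-one-out" case the mail describes, while several independent engines agreeing is the signal to stop and look at the file properly.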
