The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Sean Holt <seanholt AT brandeis.edu>]

Stefan,

Here are the symantec specific errors I'm seeing. Even after allowing the file, the CAT still throws the error.

Sean

On Wed, Nov 11, 2015 at 1:39 AM, Stefan Winter <stefan.winter AT restena.lu> wrote:

Hi Sean,

> I've attached screenshots of the errors I am seeing. I just tried to
> upgrade to CAT 1.1.1 to see if it would alleviate the issue, but it did
> not. Symantec is triggering it's proactive protection, and the scanner's
> definitions are from 2015OCT23. I've attempted to attach the offending
> sample installer for Windows 7, but gmail also believes the file is a
> virus and won't allow me to email it.

I've uploaded your sample to virustotal.com and cannot reproduce what
you write. There are three scanners which report that the file does
"suspicious" things - a heuristic and generic warning; because triggered
because the installer changes registry.

In particular, Symantec is reported as green checkmark.

(see
https://www.virustotal.com/en/file/64cf94395a29e139b11e396cb839fcff0e563269a4b938aaba3c34f7ea07387f/analysis/1447223405/
)

Also, looking at the screenshots you attached, I don't see anything
about "Proactive Protection" in those at all?

The last screenshot is a message of the CAT installer itself, not
Symantec - we had identified a bug in Symantec Endpoint Protection a
long time ago, and this message informs the user that he needs to jump
through a workaround hoop to finalise the installation.

The bug has nothing to do with virus classification; it is just an
ordinary bug. However, despite reporting the bug to Symantec, it is not
fixed yet it seems.

Is there anything else that I've overlooked?

Greetings,

Stefan Winter

>
> Sean
>
>
>
> On Wed, Oct 21, 2015 at 2:22 AM, Stefan Winter <stefan.winter AT restena.lu
> <mailto:stefan.winter AT restena.lu>> wrote:
>
>     Hi,
>
>     > Is there a way we can fix the issues with SEP from a symantec
>     > administrative perspective? Originally we white-listed the exe, which
>     > seemed to work well for a few weeks, but now the installer is throwing
>     > the same error as before.
>
>     As much as I remember, our "offending" exe file for credential setting
>     was submitted to Symantec a long while ago, and is now included in their
>     whitelist. So you should not be hitting an issue here.
>
>     Is the scanner up-to-date on the machines in question?
>
>     If so, can you send a sample of the installer that is triggering the
>     error to me?
>
>     And, what was the exact error message again?
>
>     Greetings,
>
>     Stefan Winter
>
>     --
>     Stefan WINTER
>     Ingenieur de Recherche
>     Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
>     de la Recherche
>     6, rue Richard Coudenhove-Kalergi
>     L-1359 Luxembourg
>
>     Tel: +352 424409 1 <tel:%2B352%20424409%201>
>     Fax: +352 422473 <tel:%2B352%20422473>
>
>     PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
>     recipient's key is known to me
>
>     http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
>
>
>
>
> --
> Sean Holt
> Wireless Mobility Engineer
> NetSys - Library and Technology Services
> Brandeis University
> 781-736-4565


--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66

--

Sean Holt

Wireless Mobility Engineer

NetSys - Library and Technology Services

Brandeis University

781-736-4565

Attachment: Capture.PNG
Description: PNG image

Attachment: Capture2.PNG
Description: PNG image