False Positives from Symantec

False positives were recently reported by the Symantec and Trend Micro Office Scan Anti-Virus (AV) products. In both cases, they falsely reported a problem with the c_image.exe executable (which simply displays images, such as the Cradle splash screen).

We have arrangements with these and other AV vendors to pre-qualify Cradle executables before release. We do not know why these products have started to produce false positives for c_image.exe, since this executable has not changed and has previously been included in these products’ whitelists.

We have reported this problem to both vendors and can confirm that c_image.exe is in the whitelists of these products as of 11.1.17.

We apologise for any inconvenience caused.

Cradle Splashscreen

Check Cradle Files are Free From Viruses

Every organisation that deploys Cradle will want to satisfy itself that Cradle is safe to install. One free resource that can help is VirusTotal, at:

https://www.virustotal.com/

You can submit files or URLs to this free checking service and have it checked against a wide range of Anti-Virus (AV) products and resources. An example of a check of the Cradle Database Server (CDS), the file: crsvr.exe, is shown in the figure.

Check Cradle Files are Free From Viruses
Check Cradle Files are Free From Viruses
UPDATED: April 2020 – link

False Positive from Bitdefender AV and Related Products

A false positive is reported by the Bitdefender AV product (and products based on it, such as Solarwinds’ AV Defender) for the Cradle Database Server (CDS).

We have arrangements with other AV vendors to pre-qualify Cradle executables before release, but this mechanism does not exist for Bitdefender. We have requested that they add Cradle executables to their whitelist.

In the meantime, if you use Bitdefender or a product based on it, please disable this AV product before installing Cradle, and enable it again afterwards.

We apologise for any inconvenience caused.

bitdefender

Which Anti-Virus Software Do You Use?

Viruses

Antivirus software protects computers. based on a pexels.com image
Anti Virus

As we all know viruses are a sad reality of today’s world. Just like their biological cousins they cause havoc as they move and infect their hosts.

The never ending war against them is fought by many corporations with their anti-virus software. We should all try and ensure our machines are inoculated with the latest databases. We ourselves protect all our machines, and monitor the content of incoming emails (see Related Articles)

False Positives

While most businesses agree a false positive is better than a missed virus, it can cause significant impact for the customer and the vendor.

We have noticed some issue with another false positive from anti-virus software from Symantec. We therefore try to pre-register all of the Cradle executables with anti-virus (AV) software providers. This will ensure that you have no problems installing the Cradle suite.

Registration Mitigation and Issue Notification

We currently white-list register with AVG, McAfee, Kaspersky and Avast and notify Symantec of any problems.
This should lead to trouble free installation for all our customers.

No endorsement or guarantee is implied or given by these third party vendors.

Problems

It would assist 3SL if you have any flavour of AV software that incorrectly highlights Cradle components as problematic.

support@threesl.com

Another Anti-Virus False Positive – Symantec – Norton 360

I am sorry to say that we have been advised that Symantec’s Norton 360 product is, once again, reporting false positive errors against the Cradle Database Server (crsvr.exe), Project Manager (prjman.exe), Cradle Services Manager (csm_service.exe) and the ping_cds.exe test and debug utility in Cradle-7.0.6 – and possibly other versions.

This applies to Norton 360 version v21.7.0.11.

We will report it to Symantec and, once again, urge them to correct their database.

I know that this is not the first time that Symantec have reported false positives against Cradle executables, and it is also not the first time that some of the executables listed above have been reported.

I will update this discussion as soon as we have more information.

We apologise for any inconvenience caused by these Symantec errors.