Symantec antivirus deletes PDFCreator 1.2.3


#1

Starting from 2016-11-19 Symantec Endpoint Protection and other antiviruses started to detect installation file PDFCreator 1.2.3 as a virus (WS.SecurityRisk.3)
Here is VirusTotal.com report
File Hash:
0b3911c78324d5c00c195909f289d8615638c9d3f1162bc57c6c780ecb660656
As a new user I cannot post direct link to VirusTotal but this has can help to find it

Antivirus begins to delete the files.

Developers, please contact with Symanteс and ask them to remove this from their database.


#2

Hi,

version 1.2.3 is no longer officially supported or linked in our download area, so depending on where you got it from it might be an actual threat added by some third party.

Best regards,

Robin


#3

I get it from your official site. The file was not modified. So the issue is with antiviruses that for some reason added installation file to their databases. I cannot use newer version due to some issues. Could you please contact Symanteec and report the issue? You can test your binaries on virustotal.com to make sure that it is not the issue with my file, but with antivirus itself.
This may confuse users and get negative associations with pdfCreator.


#4

Hi,

I can understand your concerns and of course we want to get rid of any false detections in general. I just put the setup through Symantec Endpoint protection (this is what we use on all our machines) and it didn’t find any threat; so maybe the heuristic settings for your installation of symantec have been changed recently, causing the false detection. Did Symantec flag the actual setup, or did it detect something while running it? It might try to download an offer screen which can be blocked as PUP or similar, but if this is blocked the setup will still pass.
Contacting Symantec will usually only help if there is something we can change to stop them false detecting the threat (speaking from past experience), but no changes will be made to PDFCreator 1.2.3. Which issues are you encountering in the recent releases? We would rather put our time and energy into fixing those.

Best regards,

Robin


#5

Thank you for the interest about my issue.
I have Symantec Endpoint protection 12 configured by my administrator so I don’t know all the settings.
It has detected setup file PDFCreator-1_2_3_setup.exe I have. It reported the file right in the middle of regular work. I did not run the setup. Already installed version works fine and is not detected for now.
I contacted symantec and reported about the issue.
Here is response from them:

Upon further analysis and investigation we have determined that the software in question meets the necessary criteria to be detected as Potentially Unwanted (PUA) and will be reclassified accordingly.

As they did not want to remove the file from database completely I decided to contact you so you can ask them about what the problem is. (As I said I cannot manage settings of antivirus to ignore PUA)

When I executed the check on virustotal today I found that the file is already not detected
www .virustotal .com/ru/file/0b3911c78324d5c00c195909f289d8615638c9d3f1162bc57c6c780ecb660656/analysis/1480500946/

So the issue remains with other antiviruses like ESET, Avast and DrWeb but my issue is solved.

Regarding your question in recent releases. I tried 1.2.4 and had an issue but it was many time ago I do not remember the concrete issue. I will try to find time to check with the latest version and will create a separate post If I found any issues.


#6

Hi,

the problem with PUA detections is the anti virus companies each have their own definitions for this and any display of adverts is potentially unwanted. This means, the only way to get rid of this false alert would be changing the setup which was released 5 years ago to meet their criteria, which we can’t do as it would mean constantly making changes to 25+ different versions as soon as an AV supplier decides to change its criteria.
Beginning with PDFCreator 2.0 we started offering premium versions which don’t contain any thrid party offers in the setup and therefore cause almost no problems with any anti virus software.
The ads in the free version fund the development, so we can’t simply remove them.

Best regards,

Robin