We are getting reports that Symantec AV is flagging InstallBuilder 6.5.3 uninstallers as trojans:

From a customer report:

"The Symantec Endpoint Protection on my machine has virus definitions “22 April 2012 r6”, and thinks the uninstaller contains a Trojan called Bloodhound.Sonar.9 (http://securityresponse.symantec.com/security_response/writeup.jsp?docid=2011-122605-0918-99). I reckon it’s a false positive, but you never know."

Is this a known problem?

asked 23 Apr '12, 06:26

headlondon's gravatar image

accept rate: 0%

This is not an actual virus signature, but rather a heuristic which is triggering incorrectly.

Based on Information on Symantec Website the Bloodhound.Sonar.9 is heuristic based and detects certain behavior. We will report it as a false positive, we recommend the customer does the same. Searching the internet shows that a lot of applications are or were getting false positive for this specific heuristic, so it seems a common problem.

If the Symantec Endpoint Protection does not allow running the uninstaller, here is a workaround: Open Symantec Endpoint Protection, and click Change Settings on the left. Under Proactive Threat Protection, click Configure Settings, and under Sonar, enable the check box Prompt Before Terminating a Process.


answered 23 Apr '12, 06:36

wojciechka's gravatar image

wojciechka ♦♦
accept rate: 26%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: 23 Apr '12, 06:26

Seen: 987 times

Last updated: 23 Apr '12, 06:36

Related questions