Versions / Builds Affected
All versionsStatus
ResolvedProblem Summary
Symantec AV is detecting custommessage.exe or endpoinstsecurity.msi as Trojan.Cryptolocker.ZHow to Identify
After scanning a client machine that has the EndPointSecurity agent a virus is detected:
Computer
User
IP Address Risk
Risk Type Risk Count Date Time Domain
Server
Group Action
Source File / Entry
bw7azcgn
SYSTEM
IP - Trojan.Cryptolocker.Z
Malware 1 08/19/2015 23:48:45 Default
\Workstations Quarantined
Manual Scan C:\Windows\Installer\1c1508ac.msi
bw7azcgn
SYSTEM
Trojan.Cryptolocker.Z
Malware 1 08/19/2015 23:48:45 Default
\Workstations Quarantined
Manual Scan C:\Windows\Installer\1c1508ac.msi>>______>>custommessages.exe16Workaround / Fix Details
The False Positive is confirmed.
New definitions should already have this definition updated.Required Actions
Advise client to to update Symantec definitions