I'm experiencing problems with Norton 360 detecting risks in advinst.msi and a5c5e2f.msi files and offering only to delete the files presenting those risks. Within the past couple of months, exe installation packages have been deleted by Norton almost immediately after they were built. I feel quite confident that I do not currently have any viruses on my pc and that this is a false positive, but I would like to find a long term solution. Any suggestions? Thank you in advance.
We have already made a submission to Symantec for removing this detection for another product. Can you please give us more details
about your version of Norton so we can make another submission?
I'm afraid the only option is to install Advanced Installer on another machine, for example virtual machine, if the current version
of Norton does not allow you to the file to a trusted zone or something like that.
My version of Norton 360 is the latest current release: 5.1.029.
Norton is at odds with vmdetect.exe in advinst.msi claiming it recognizes Trojan.ADH
Installs built with the Advance Installer are detected as having Suspicious.Cloud.5
Hope this helps. I've gotten in their face a bit in their forums, too.
Hmm, I also experience this with Symantec Endpoint Protection 12.1. The problem seems to have started after I updated from Advanced Installer 9.3 to the latest version, and it doesn't happen every time (or least not on every build.)
The problem presents as an error during the build process (about the Vista UAC execute something or other) but it is actually symantec that has quarantined the file...
For now I have simply disabled auto protect, because I can. Just thought I would let you know.
Thanks for the reply Daniel, unfortunately although similar the symptoms are not exactly the same. In my case the the problem occurs as soon as the build process produces the .exe (single exe with resources inside) and just prior to having some the Vista UAC flag set. The detected virus is also a suspicious.cloud.xx variant. I know that it is a false positive because if I scan the completed executable nothing is detected. It is not a serious problem for me since I am also the Network Administrator but it could be a problem for many of your other users.