Rptinspectoronlinebroker_0_6_2.exe reported as false positive

.rpt Inspector Online Broker Version:
major.minor.revision

Please tell us about your environment where the Broker is running:

  • Operating System:
    Windows [7]

  • Is this running in a virtual machine:
    No

    • If answered yes above, which virtual machine environment and version:

Please tell us about your environment where the Web Browser is running:

  • Operating System:
    Windows 7

  • Browser kind and version:
    Chrome 68

  • Crystal Reports version:
    Crystal Reports [14.1.x|2011]

Current behavior:
go to website , login, prompts to download the report broker…symantec pops up malware warning
same thing happens with kaspersky.

Expected behavior:

We use Symantec Enterprise Protection (SEP), as standard with always updated definitions and are unable to duplicate this. As indicated in the screenshot below:

  1. Clicked to download the .rpt Inspector Online - Broker
  2. rptinspectoronlinebroker_0_6_2.exe was downloaded without any issues or warnings from SEP.
  3. The latest SEP virus definitions are shown with which the system the download was done on.

We also ran a scan on two other systems, one running Trend Micro and another system running McAfee. All returned no issues found.

We have hundreds of downloads a day and yours is the first report for this 0.6.2 version that was released mid March (.rpt Inspector Online - Broker 0.6.2 released) so it would indicate that the issue is likely on your system.

It may also be helpful if you provide a screenshot / details of the malware that is being falsely identified so we can try to investigate it further.

image


Thank you, this is very helpful. We’ll reach out to Symantec for assistance with what appears to be a false positive. Would you be able to provide similar screen shots for what you’re seeing with Kaspersky so that we can do the same with them?

the Kaspersky one was from my trying using my home computer…i will get you some screenshots of that hopefully tonight after i get home.

Thanks.

Thanks again for bringing this to our attention. We downgraded our SEP version on a another test environment and updated the virus definitions to that of what you had and did get the same alert, which is of course a false positive.

We reached out to Symantec and they have confirmed that this is a false positive on their side as well. They are correcting the false detection which should appear in their definitions within 24 to 36 hours.

Do please let us know what Kaspersky shows on your home computer so that we may initiate similar request with them.

It seems that Kaspersky must have updated their definitions to allow this to go through now.
I tried it again this evening after updating my definitions to the latest ones…and didn’t run into any warnings this time.

I am using Kaspersky Total Security 17.0.0.0.611
database release date 7/30/2018 @ 8:52 p.m.

Thanks for testing this out on Kaspersky as well. We reached out to Kaspersky at the same time as Symantec and Kaspersky too confirmed it was a false positive that would be corrected for their next virus definitions update. So good news that it appears to have already been included. Again, thanks for your help in reporting and testing the false positives and sorry that this was an inconvenience for you in the first place but this also now should help others.

@jnorbut the Symantec updated definitions should have gone through by now (please double check that you’re definitions are the latest) and let us know if the false positive is also now resolved with your version of SEP.

all seems good now with my symantec…yes.

:handshake: Thanks for your help in resolving this!