Jump to content
Sign in to follow this  
Veritor

Real-Time Protection "catches" Norton Hotfix.exe?

Recommended Posts

Once in a "while" (maybe every 3-4 weeks) I get a Real-Time Protection warning popup from SAS that it has caught

 

Trojan.Agent/Gen-FakeAlert[Hotfix].Process

 

and quarantined the file.

 

This file always appears to be connected to Norton 360 in some way. The most recent incident isolated 4 files all named as follows. This is what appears under SAS quarantine:

 

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\LUE\DOWNLOADS\PATCH2943\HOTFIX.EXE

 

The only difference in the 4 filenames is in the 4 digits following "PATCH".

 

I also found a hotfix.exe reference in the Windows PREFETCH directory which remained even after the quarantine. I deleted it.

 

What I'm wondering is this a "real" Norton patch release being caught as a false positive by SAS? I know Hotfix.exe is connected to a fake anti-virus program but I see no evidence of THAT program on my system.

 

I run SAS Pro edition along with Norton 360 and Malwarebytes Pro and I keep them all updated and current.

 

 

 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...