[SERVER-23187] Symantec blocks installation of MSI files for MongoDB Created: 16/Mar/16  Updated: 01/Jun/22  Resolved: 01/Jun/22

Status: Closed
Project: Core Server
Component/s: Packaging, Usability
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Alfonso Marin Assignee: Alex Neben
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PDF File 2016-03-16 - MongoDB blocked by Symantec.pdf    
Participants:

 Description   

As part of the MOOC (M101P/2016_March), there is the need to download software.
The download works fine; however, Symantec blocks & quarantines files (see versions below), marking them as 'malware' due to 'low reputation'.
Yes, Symantec has problems detecting 'false positives' ... however, it would be in the best interest of everybody to have you contact them ... every time you release MSI files ... in this way ... your files will be 'marked' as (really) good files.
FYI, with a few of my peers, we are doing the MOOC in the office. Locally, it is not possible to modify the settings of the anti-virus ... as the training is not official.



 Comments   
Comment by Ramon Fernandez Marina [ 15/Oct/16 ]

Thanks for posting your findings and suggestions on the ticket emaj4mongo, and thanks for coming to the Bug Hunt MUG!

Comment by Edward M. Anderson [ 08/Sep/16 ]

I have reproduced this issue during MongoDB Bug Hunt. Typically it has occurred when an unsigned executable has been downloaded from a location deemed "untrustworthy" by Symantec or my IT admins. I worked around this protection by fooling my computer into thinking I created the msi file. I did this by quickly renaming the extension, copying that file to another folder, and then renaming the extension back to "msi".

I haven't had this problem with production build installers. Maybe the issue is in how the dev build exe is signed. Looking into one of the whitelisting forum entries from Symantec... http://www.symantec.com/connect/forums/how-whitelist-false-positive-sepm

...
there are 3 other things you could also do-
...
2) Sign your files with Class-3 digital certificates (X.509) from a Certificate Authority if you need to publish softwares/files.
...

Comment by Kelsey Schubert [ 18/Mar/16 ]

Hi silmarils,

Thank you for reporting this issue, and thank you for reaching out to Symantec to whitelist the files you mentioned. We will investigate how to best get all of our MSIs whitelisted across versions, branches, and release types, as well as how to add this to our release process going forward.

Kind regards,
Thomas

Comment by Alfonso Marin [ 17/Mar/16 ]

Symantec has just 'whitelisted' the other file (newer version)

Their log:

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

Filename: mongodb-win32-x86_64-3.2.4-signed.msi
MD5: 6ED3154C1E8B725528A8AB04ACC3C196
SHA256: A4FAFBA94DFA41BAC8AF52B3C86A05CFC1AF96FA8D9DB85532A310B3CAABDB31
Result: Whitelisting for above file is taking effect from now on.

Comment by Alfonso Marin [ 17/Mar/16 ]

I did a little bit of research, and reached out to Symantec support (very supportive).

First, upon request, Symantec 'whitelisted' one of the files (the one suggested in the MOOC); feedback enclosed.

Second ... I did submit another request for the current version.

Third ... there is a link for software vendors to request Symantec to 'whitelist' files IN ADVANCE; from Symantec support: "If you are a software vendor and would like to upload your software for proactive whitelisting, please complete the following form: https://submit.symantec.com/whitelist/ "

So ... time to wait for the whitelists to be refreshed ...

AM

PS:

[Begin Symantec feedback]
Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

Filename: mongodb-win32-x86_64-3.0.10-signed.msi
MD5: E8218AACA6B435BED54D2019ACD50EDB
SHA256: B45B44BAF539E120B7B522AB9FEBA532E426296691DC77ADADF4DFFFD3EB86FB
Result: Whitelisting for above file is taking effect from now on.

[End Symantec feedback]

Generated at Thu Feb 08 04:02:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.