The installation file: DataMiner 10.2.11.0-12373 Full Upgrade\Update\Files\SLSpiHost.exe seems to be triggering some av-engines, see: https://www.virustotal.com/gui/file/4f4a838983b209bc7ae6172c1ea77de0d26a1a8eba2b002c5d1a2a7bd4363757/detection
It looks like false positives, but can this be confirmed, and are all installation packages scanned before being published?
Hi, I sure do hope that the mentioned file gets whitelisted soon; meanwhile this prevents us from updating our system. As a suggestion, maybe a broader variation of av-engines could be used before publishing to avoid these kinds of issues? Meanwhile, I would not state this case as solved.
BR,
Simo
I just heard from our QA Director that the releases of tomorrow (10.2.12 and 10.2 CU9) would have that one line of code removed to avoid this false positive…
Hi Simo, as definition files of these av-engines get continuous updates, these false positives can happen at any moment in time, and this is also out of our control even if yesterday everything was still green. We do continue to follow up on this case and we are able to avoid the false positive by commenting out one method we call from the Win32 API. Strangely enough, this method is also used in other processes which are currently not flagged as a false positive today. But, as I mentioned, this can change any time with definition updates… We are currently investigating if we can make a new release without this line of code very soon now. Unless the av-engines would get an update in the meantime which fixes this problem.
Anyhow, I do also want to reemphasize that it is perfectly safe to continue to install this release as it is today. It is a false positive, there is nothing wrong with this process, only a few av-engines are a bit too enthusiastic in their detections.