OT: Strange experience with Symantec Endpoint Protection and their deficient virus detection
Tuesday, June 26, 2012, 06:30 PM
Recently I was desperately looking for a way to resurrect my Turbo Delphi Explorer installation. A long time ago I received a message from Borland with a key for it, and that worked perfectly. After my Thunderbird archive was no longer readable (from a DVD-R), I thought it should be no problem to get a key again, but there is no chance to get it again from Embarcadero (they want to sell a $200 XE2 Starter version now - too expensive for a hobbyist programmer).

So I used Google to find an alternative solution and I found a patch program from a cracker group "FFF". My Symantec Antivirus immediately reported this as a "Trojan" malware program (this is definitely not the case, it's a false alarm - it changes only one file, BDE.EXE).
I took a hex editor and looked into it, and I recognized that the file was packed with PECompact 2.
So I unpacked it and uploaded it to
At that time most of the antivirus solutions no longer recognized it as malware, and Symantec AV didn't find malware anymore either.

This happened 2 months ago. Today I tried to copy this unpacked file again, and Symantec AV recognized it as malware again. So I looked into the file itself again, and I altered the string "PEC2", which was left over from my last unpacking attempt.
Guess what happened. Symantec AV immediately stopped reporting anything (= it's clean).

So the bottom line: Symantec's pattern search mechanism is implemented in a really rudimentary way; they look only for "PEC2", and that seems to be enough for them to detect an "exepacked" program???
That's a reason why I do NOT recommend Symantec and their antivirus solution at this moment...

If you're interested in working Exepacker detection, just take a look >here<.

P.S.: And btw., is Symantec also analyzing all results from ??

