Symantec Endpoint Protection complaining

+1 vote
This has been mentioned a few versions earlier I think, but both 1.0.5 and 1.0.6 are being flagged by my company's Symantec Endpoint Protection software. SEP doesn't shut up about it, making it impossible to work with these versions.
asked Aug 2, 2018 by Rachelle

1 Answer

+1 vote
 
Best answer
There's a limit to how much we can do about this. MultiChain can't run without opening certain ports on your computer, and its traffic will inevitably look somewhat like bitcoin's, since MultiChain extends the bitcoin protocol. However it would be helpful if you could provide information on exactly what is being reported when the software is being flagged, e.g. is it the binary executable, the ports it's opening, its communications protocol, etc?
answered Aug 3, 2018 by MultiChain
selected Aug 6, 2018 by Rachelle
This message, or something similar, was on multichaind.exe and multichaind-cold.exe, for both 1.0.5 and 1.0.6. The message says the following:
Historical Reputation: There is strong evidence that this file is untrustworthy.
Historical Prevalence: This file has been seen by fewer than 100 Symantec users.
first seen: Symantec has known about this file for 30 days.
current reputation: There is strong evidence that this file is untrustworthy
current Prevalence: This file has been seen by fewer than 100 Symantec users
URL tracking: On
Category: Malware
Sub category: Insight Network Threat
SONAR Risk level: Not available
SONAR Confidence level: Unknown
Company name: not available
product version: not available

I also found these two links:
https://www.symantec.com/security-center/writeup/2011-091213-5424-99?vid=4294907612
https://www.symantec.com/security-center/writeup/2010-051308-1854-99?vid=4294919973
OK, thanks. The problem appears to be that Symantec is detecting some similarity between MultiChain and Bitcoin Core, which is true because MultiChain began as a fork of Bitcoin Core. We have no easy solution to this without rewriting a large part of the MultiChain code base, so I would recommend talking to your system administrator to understand if an exception can be put in place.
...