Announcement

Collapse
No announcement yet.

High Risk virus with HSPI_OMNI.exe

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • High Risk virus with HSPI_OMNI.exe

    while working with Homeseer support I was instructed to uninstall Norton (believing it was restricting an setting.ini update (separate post). After turning Norton back on (didn't believe this to be the issue since it didn't change behavior). I got this alert (see attached). Hadn't seen it before or after and had Norton delete the file which I later reinstalled and after a full Norton scan (and several days of monitoring) so no issue. so either it was a real virus which is concerting since sw is bad, or the fill has virus behavior and then should be registered with Norton (and others). Click image for larger version

Name:	Capture_virus.PNG
Views:	141
Size:	36.1 KB
ID:	1326081 support says antivirus

  • #2
    Interesting - what is your OMNI plugin version?
    HS3Pro Running on a Raspberry Pi3
    64 Z-Wave Nodes, 168 Events, 280 Devices
    UPB modules via OMNI plugin/panel
    Plugins: Z-Wave, BLRF, OMNI, HSTouch, weatherXML, EasyTrigger
    HSTouch Clients: 3 Android, 1 Joggler

    Comment


    • #3
      Norton is notorious for false-positives.

      The specific match is identified as such based on a heuristic pattern of behavior that even a simple cURL script sometimes triggers. They at least acknowledge it, but it tends to be overzealous to proof the point of "ohh goodie, we caught something" which makes a less technical person think they better renew again.

      https://www.symantec.com/security-ce...070510-3442-99

      Whenever in doubt, you can upload the binary if you still have it to: https://virustotal.com/ and it will get scanned by 49 different anti-virus solutions.

      PS: Norton has misidentified Microsoft Word, Diablo game and many other famous apps with this same entry. These get quickly whitelisted when reported, but it shows the sensitive nature. Granted in some cases better safe than sorry, but when it impacts your usage of a system it becomes frustrating.

      Comment


      • #4
        Wow impressed with the on line scan. Here is what I saw here. Note that I am running the Omni plugin in Ubuntu Linux on two machines.

        Click image for larger version  Name:	pic1.jpg Views:	0 Size:	37.3 KB ID:	1326130

        Click image for larger version  Name:	pic2.jpg Views:	0 Size:	73.6 KB ID:	1326131
        Click image for larger version  Name:	pic3.jpg Views:	0 Size:	63.1 KB ID:	1326132

        W32.HfsAutoB on the top is a false positive.

        Did a few more online scans...

        1 - OPSWat Metadefender multiscan score 0/39
        2 - Jotti Malware scan score == > Scan finished. 0/15 scanners reported malware.
        3 - Kaspersky ==> no threats detected
        - Pete

        Auto mator
        Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb- Mono 6.8X
        Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro - Mono 6.8X
        HS4 Pro - V4.0.5.0 - Ubuntu 18.04/W7e 64 bit Intel Kaby Lake CPU - 32Gb - Mono 6.8X
        HS4 Lite -

        X10, UPB, Zigbee, ZWave and Wifi MQTT automation. OmniPro 2, Russound zoned audio, Smartthings hub, Hubitat Hub, and Home Assistant

        Comment


        • #5
          plug in version

          3.0.2.20

          Comment


          • #6
            fyi as far as detection...I usually don't get any high risk, actually can't remember the last time. I run a windows domain server so typically have nonadmin accounts running most of the stuff. Norton is free to me (most ISP's give it away) and I have 7 computers in two different states and certainly have never had a high risk issue like that, especially for Homeseer related software. what struck me most was it was during this troubleshooting where I disabled norton...felt like something lying in wait.....

            Comment


            • #7
              this felt like a copy on top of the exe. I don't have any issues presently with the plug in running

              Comment


              • #8
                sorry...reading and hitting reply too soon....I don't have the original binary Norton deleted it, its not quarantined in the normal quarantine folder.

                Comment


                • #9
                  Okay got another norton alert (same High Risk) did the 70 virus scan on this one and all good. Sorry for the doubt previously.... Click image for larger version

Name:	double check of hspi_omni.PNG
Views:	58
Size:	32.6 KB
ID:	1331600

                  Comment


                  • #10
                    Norton used to be good before Symantec took over at a time when PC-Tools still existed (showing my age here). They clearly serve a purpose, and I'm sure they prevent some infections, but it seems their overzealous actions to quarantine is done to promote renewal of their subscription and often leads to false-positives and hair-pulling disaster. Norton even falsely identified Windows system files and bricked the entire OS by removing it into quarantine (feel free to Google).

                    It is better than nothing obviously, but I prefer Microsoft Defender then due to low resources, and they might not be as aggressive in catching zero-day exploits as F-Secure or Kaspersky, in the end they will have it as part of their signature database like all the others, but I've never got any false-positives so far or an infection for that matter (fingers crossed).

                    Comment

                    Unconfigured PHP Module

                    Collapse

                    Working...
                    X