How to prevent Intronis from being quarantined by Symantec antivirus

Posted by Paul Hanley on May 7, 2014 11:57:00 AM

UPDATE: We have resolved the issue described in this post with the team at Symantec, so it should not recur. This post was published before the issue was solved, but we still advise partners to follow the steps outlined below to ensure that the Intronis software is not blocked by any antivirus program.

Currently some Intronis partners are experiencing an issue where Symantec software flags Intronis as a virus and disables our backup software. We wanted to explain why the issue is occurring and offer two quick steps to fix it. 

Last week, Symantec rolled out an update to their SONAR technology, and it started picking up our software as a false positive.

SONAR is the heuristic component of Symantec Antivirus (SAV) and Symantec Endpoint Protection (SEP). Heuristic definitions are theoretical signatures used to infer which programs are bad, instead of relying on explicitly known definitions as in the old days.

These new definitions have begun to flag Intronis as a security threat on systems running the Symantec family of products, with the effect of throwing our Backup Agent service (BackupAgent.exe) into Symantec’s quarantine. It's an unfortunate result of the new SONAR technology.

Quarantining a file or process is not the same as deleting it. What quarantine does is isolate the file, similar to how hospitals quarantine contagious medical patients. The file gets deleted from the original location and a copy is placed in a hidden folder, an encrypted folder, or a folder with both properties depending on the security software used.

Symantec places files in a hidden folder and further security-locks the folder with different permissions so that you’re not able to get in.

As a result of the quarantine process, the links between our Agent and the rest of our software are severed, and cannot be restored. To return to the hospital analogy, our software in this case is someone who is suspected of carrying the flu even though he’s actually completely fine.

So how do you fix the problem and prevent Intronis from being flagged by Symantec?

We are currently working with Symantec to prevent our software from being flagged in the future.

In the meantime, take these steps:

Reinstall Intronis
This will re-establish the links between our Agent and our software.

Add exceptions for Intronis to the SAV/SEP whitelists
These exceptions may include the directory path where the software is installed, such as:

C:\Program Files\Intronis Technologies\eSureIT

You should also add the following files to your exceptions lists in Symantec:
  • BackupAgent.exe
  • BackupStatusIcon.exe
  • BackupMonitor.exe
  • BackupCLI.exe
  • BackupUpdater.exe

It’s a good idea to add those files to your exceptions list even if you’re using a different antivirus product.
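
After the reinstall, and before adding the exceptions, it helps to confirm which of the listed executables are actually back on disk and exactly what is being excluded. The following PowerShell is an added example, not Intronis or Symantec code; it assumes the example install path from this post and PowerShell 4.0 or later (for Get-FileHash), and the report column names are chosen here for illustration.

```powershell
# Added example: inventory the Intronis executables named in this post.
# $InstallDir defaults to the example path from the post; pass the real
# install directory if the agent lives elsewhere.
param(
    [string]$InstallDir = 'C:\Program Files\Intronis Technologies\eSureIT'
)

# File names taken from the exceptions list in the post.
$files = 'BackupAgent.exe', 'BackupStatusIcon.exe', 'BackupMonitor.exe',
         'BackupCLI.exe', 'BackupUpdater.exe'

$report = foreach ($name in $files) {
    $path = Join-Path -Path $InstallDir -ChildPath $name

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record the Authenticode status and a SHA-256 so the exception can be
        # reviewed against a known binary rather than a bare file name.
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }

        [pscustomobject]@{
            File      = $name
            Present   = $true
            Signature = $sig.Status
            Signer    = $signer
            SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
    else {
        # Missing after reinstall usually means the file was quarantined again.
        [pscustomobject]@{
            File      = $name
            Present   = $false
            Signature = 'n/a'
            Signer    = 'n/a'
            SHA256    = 'n/a'
        }
    }
}

$report | Format-List

$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("Not found in {0}: {1}" -f $InstallDir, ($missing.File -join ', '))
}
```

Keeping the output with the change record for the exception makes it possible to tell later whether an excluded file has been replaced.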

We’ll notify partners once we are able to work out a permanent solution with Symantec.

Contact Intronis Cloud Backup 1-800-569-0155

