The Welkin Suite Forum

Virus detected when installing the Welkin Suite



Virus detected when installing the Welkin Suite

  • Please log in to reply

#1
windows version welkinsuite

all2human

    Posted 16 May 2017

    My Symantec antivirus found the virus SAPE.Heur.C9E31 when trying to install the Welkin Suite. Is this a known issue?



    8 replies to this topic

    #2

    kate.dulko

      Posted 16 May 2017

      Greetings,


      Thank you for contacting us with this information.


      We had the same issue previously, however after we contacted the Symantec antivirus, they scanned The Welkin Suite and have added the IDE to their whitelist.

      May I please ask you to tell us what is the date of the antivirus's database update on your computer? Also, can you please tell ut which version of the antivirus do you have?


      Thank you,

      Kate


      Kate Dulko
      Customer Relations

      The Welkin Suite

      twitter: @KateDulko
      skype id: d_katerina
      e-mail: kate.dulko@welkinsuite.com

       

        


      #3

      all2human

        Posted 16 May 2017

        My company uses Symantec Endpoint Protection version 14 build 1904.  The database for virus protection is Tuesday, May 16th, 2017 r1.  The file version is 170516001.



        #4

        kate.dulko

          Posted 17 May 2017

          Hi,


          Thank you for all the provided information.


          We will contact the Symantec again for additional scanning and for adding The Welkin Suite IDE to their whitelist again.


          The reason why heuristic detection in certain antiviruses reacts in such a way on TWS files is because of the auto-updater functionality in the IDE. The Welkin Suite is based on the Visual Studio Isolated Shell 2013, this way its installation/update should be performed for all users and using Administrator rights is necessary.
          Antiviruses may detect this behavior as a potential malware and based on your settings - even delete such files immediately.


          We kindly ask you to unblock the application in the Symantec Endpoint Protection so it won't delete the file and you would be able to install it.


          Thank you,

          Kate


          Kate Dulko
          Customer Relations

          The Welkin Suite

          twitter: @KateDulko
          skype id: d_katerina
          e-mail: kate.dulko@welkinsuite.com

           

            


          #5

          all2human

            Posted 18 May 2017

            Hi Kate,

            I will have to wait for the whitelist.  I don't have control over Symantec settings.



            #6

            kate.dulko

              Posted 18 May 2017

              Hi,


              Thank you for your response and for your understanding.

              We will extend your trial period for the time when the issue blocks your using The Welkin Suite IDE.


              Regards,

              Kate


              Kate Dulko
              Customer Relations

              The Welkin Suite

              twitter: @KateDulko
              skype id: d_katerina
              e-mail: kate.dulko@welkinsuite.com

               

                


              #7

              kate.dulko

                Posted 01 Jun 2017

                Hi,


                I hope you are doing well. 

                I'm writing to inform you that we've confirmed that The Welkin Suite installation files are analyzed and whitelisted by Symantec Endpoint Protection. Please ensure that your antivirus definitions are up-to-date and you can install The Welkin Suite.


                We have extended your trial for more 15 days, so you can enjoy exploring the IDE. Also, you can use the Getting Started option for find the information about available features and functionalities in The Welkin Suite.


                If yu would have any questions or suggestions, please contact us. We will be happy to assist.


                Regards,

                Kate


                Kate Dulko
                Customer Relations

                The Welkin Suite

                twitter: @KateDulko
                skype id: d_katerina
                e-mail: kate.dulko@welkinsuite.com

                 

                  


                #8

                m.sonsma

                  Posted 02 Nov 2017

                  Hi, 

                  Just started the Welkin Suite today and received the following 'Thread Blocked' notification from Avast virus scanner:

                  Thread name: IDP.ALEXA.51

                  Process: c:\program files (x86)\The Welkin Suite\TheWelkinSuite.exe

                  Detected by: Behavior Shield

                  When I run the Avast scanner on the Welkin folder no issues are reported.


                  Is this the same as issue as reported in the message listed above? 

                  Thx

                  Manfred







                  #9

                  vlgubanovich

                    Posted 02 Nov 2017

                    Hi Manfred,

                    Thank you for contacting us with this issue.

                    According to the various information available on the Avast and AVG forums regarding the IDP.ALEXA.51 detection - this is a high-probability false-positive threat that is detected by some anti-viruses in a significant number of applications. While some anti-viruses admit the false-positives and fight with them (for more than a year already for the IDP.ALEXA.51 detection), others are still reporting valid and safe applications as IDP.ALEXA.51 due to the behavior specific.

                    In short - The Welkin Suite checks for updates on start (as well does The Welkin Suite's Auto-Updater service), and in case if found updates the IDE downloads the signed MSI package from the secure location, checks hashsum of the received file and installs the update when possible. At the same time the IDE accesses it's folder in the AppData to store some information and it also works with the Temp directory creating and deleting files there as needed. Your antivirus software's behavior analysis finds this suspicious and reports the IDE as the "IDP.ALEXA.51" thread.

                    However this is meant to be the normal operations of the IDE - a full-stack application with a lot of features and with the auto-updater functionality, so you should not worry.

                    We are submitting The Welkin Suite IDE to the multiple AV vendors (like Norton, Kaspersky, AVG, etc.) for scan and white-listing, you can also ensure that the executables of the IDE are not infected with known viruses using the VirusTotal website (it's free).


                    We will also contact the Avast to avoid this false-positive detection in the future.


                    Thank you once more,

                    Vladimir


                    Vladimir Gubanovich
                    Head of Product
                     
                    The Welkin Suite
                    skype id: vladimir.gubanovich
                    e-mail: vladimir.gubanovich@welkinsuite.com





                    Boost Your Productivity. Get Started Today

                    Try Free Trial