Loading Profile...
Is BeyonExecV2.exe a W32.Stration@mm virus ??
BeyonExecV2.exe is suddenly considered as W32.Stration@mm virus by Symantec Antivirus Corporate Edition. Recently updated to VENM Console v 2008.7.8.228. Is it infected or is it Symantec being paranoid?
I’m confused
4
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
The best solution from the company
-
No, this is a false positive. The W32.Stration@mm is a mass emailing worm and has nothing to do with beyondexec. I'm not sure why Symantec is doing this. I've used it for years and it's fine.
If Symantec is preventing the software from running because of this, you can switch to psexec using the following method:
1 - Open the main system preferences
2 - Click "Support Files"
3 - Locate the drop-down box for the scripting engine
4 - Change it to PSEXEC and choose OK.
It may launch a wizard to download it from Microsoft and put the files into place. Just "next" through it.
PSEXEC and BeyondExec have the same functionality. because PSEXEC is owned by Microsoft, they seem to get better treatment by desktop security vendors.
Programs like this typically get flagged by security software falsely because of the nature of what they do. BeyondEec and PsExec, for example, remotely install a service that allows a remote computer to execute a script in the context of the local machine
If you didn't initiate this activity yourself, it would be something that you would want stopped. Generally, anything that allows you to execute things remotely or remote control desktops are in a constant battle with antivirus softwares to exist because the only difference between them and the bad guys is intent.
I’m sad
The company says
this solves the problem
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?No, this is a false positive. The W32.Stration@mm is a mass emailing worm and has nothing to do with beyondexec. I'm not sure why Symantec is doing this. I've used it for years and it's fine.
If Symantec is preventing the software from running because of this, you can switch to psexec using the following method:
1 - Open the main system preferences
2 - Click "Support Files"
3 - Locate the drop-down box for the scripting engine
4 - Change it to PSEXEC and choose OK.
It may launch a wizard to download it from Microsoft and put the files into place. Just "next" through it.
PSEXEC and BeyondExec have the same functionality. because PSEXEC is owned by Microsoft, they seem to get better treatment by desktop security vendors.
Programs like this typically get flagged by security software falsely because of the nature of what they do. BeyondEec and PsExec, for example, remotely install a service that allows a remote computer to execute a script in the context of the local machine
If you didn't initiate this activity yourself, it would be something that you would want stopped. Generally, anything that allows you to execute things remotely or remote control desktops are in a constant battle with antivirus softwares to exist because the only difference between them and the bad guys is intent.
I’m sad
The company says
this solves the problem
-
Inappropriate?The administrative systems in our network this morning each had BE removed thanks to this as well. It seems as though Symantec is specifically detecting this as the fix is to:
1) hex edit the beyondexec.org url in Company Name portion of the exe to something else
or
2) use UPX to pack the executable
Disabling on-access scanning will allow you to make these changes, which can be re-enabled once the patching or packing has been done.
Submitting a false positive report to Symantec would not be a bad idea but, seeing as how they're blocking the "Company Name" in the executable, the file must be packed in with the Stration virus now. If PSExec is functionally identical, it will likely be packed in and detected later as well unless Symantec is notified that they are blocking a legitimate administration tool.
I’m Bob.
-
Inappropriate?I had the same problem with the Virus Definitions for SAV dated 24/7/08 Rev: 24.
I just updated to the latest Rapid Release Definitions (25/7/08 Rev: 9) which did not report the file as containing W32.Stration@mm. So either update your definitions to the Rapid Release ones manually, or wait until later today when a new Daily version will be out and update using Live Updater then.
I’m wasting hours with Symantec's buggy software again!
-
Inappropriate?You could do an exception if you have a managed environment. -
Inappropriate?Thank you all for your responses.
I temporarily switched to PSEXEC and So far So good. I also updated the virus definitions file to the one from 26-7, so I will try later if this has solved the problem for BeyondExec as Jon suggested.
I’m confident
-
-
Inappropriate?And why does Symantec block Angry IP Scanner too?
Don't they realize that people use these tools for work?
Ugh, big brother = Symantec!
I’m upset!
-
Inappropriate?Steve - re: switching to psexec. When you say to open main system preferences, what exactly are you referring to? Is that within BeyondExec, Windows, or something else?
In my environment, SAV has completely deleted the BeyondExec program. -
Inappropriate?Here's where you can switch to psexec instead of beyondexe: http://screencast.com/t/70zfoWpv
This is within VNCScan. There's a tool bar button for "Preferences".
Does this help? -
Inappropriate?Unfortunately it doesn't. I'm not using VNCScan, just stumbled across this while trying to find out why SAV is deleting the program.
I just have about 200 servers (in remote offices) that have BeyondExec deleted and now have to find a new way to update programs in those offices.
Does anybody know how BeyondExec scripts compare to psexec, or how to convert them? I was under the impression that BeyondExec worked much better on groups of computers than psexec. -
Inappropriate?I've activated PSExec instead of BeyondExec because I was having this exact problem, but it doesn't seem to run the scripts, like the shut down script wont work. It just seems to close without trying to authenticate or anything, do I need to stick anything else onto the server computer?
I’m confused
EMPLOYEE
