TERRYRICKETTS Posted November 18, 2014

We are running Retrospect multi-Server 9.5.2.103 on two Windows Server 2008 R2 64-bit servers. Most of our clients have been recently updated to version 9.5.0.134.4. In the last week our Symantec AntiVirus server started flagging a Retrospect file named 'cntdwn.exe' (or something close to that) on almost every workstation as a virus and started quarantining the files. About the same time the Proactive backups stopped finding any machine to back up. We can still manually back up machines, and I have had to resort to writing scripts to manually do all the machines in each backup set. Symantec claims they are not flagging anything. Are we going to have to reinstall the client on every machine to clean this up? That will be over 500 machines. Recently a couple of the machines had the client removed and reinstalled. We then had to tell the server to forget the machine and then re-add it before it would recognize the client. This is becoming a major time sink and a hassle. Has anyone else run into this problem?

TERRYRICKETTS Posted November 18, 2014

An update on our situation. The file name is 'cntdown.exe'. When an exception was added to the Symantec list for that file name the problem went away. We were seeing the flag from Symantec close to 40 times an hour. Now there are none. Also, within an hour of the exception being added, we had 32 machines respond to Proactive and back up.

Scillonian Posted November 19, 2014

I would think that cntdown.exe is related to the "a backup is about to begin" dialog box that is supposed to be displayed on the client before a backup starts. (In all the years I have been using Retrospect I have never seen this dialog actually appear on my Windows XP, 7 or 8.x clients.)

TERRYRICKETTS Posted November 19, 2014

Attachment: VirusTotal - Results.pdf

We checked the file 'cntdown.exe' with 50 different antivirus programs. Of them, only Symantec flagged the file as a virus. See the attached file.

Mayoff Posted November 21, 2014

This is a false positive. We have reproduced this and reported it to Symantec.

brian9549 Posted December 29, 2014

Any response from Symantec? I just installed 9.5 today and am seeing this on every client.