TERRYRICKETTS 8 Report post Posted November 18, 2014 We are running Retrospect multi-Server 9.5.2.103 on two WIndows Server 2008 R2 64 bit servers. Most of our clients have been recently updated to version 9.5.0.134.4. In the last week our Symantec AntiVirus server started flagging a Retrospect file named 'cntdwn.exe' (or something close to that) on almost every workstation as a virus and started quarantining the files. About the same time the Proactive backups stopped finding any machine to backup. We can still manually backup machines, and I have had to resort to writing scripts to manually do all the machines in each backup set. Symantec claims they are not flagging anything. Are we going to have to reinstall the client on every machine to clean this up? That will be over 500 machines. Recently a couple of the machines had the client removed and reinstalled. We then had to tell the server to forget the machine and then re-add it before it would recognize the client. This is becoming a major time sink and a hassle. Has anyone else run into this problem? Share this post Link to post Share on other sites
TERRYRICKETTS 8 Report post Posted November 18, 2014 An update on our situation. The file name is 'cntdown.exe'. When an exception was added to the Symantec list for that file name the problem went away. We were seeing the flag from Symantec close to 40 times an hour. Now there are none. Also within an hour of the exception being added we had 32 machines respond to Proactive and backup. Share this post Link to post Share on other sites
Scillonian 52 Report post Posted November 19, 2014 I would think that cntdown.exe is related to the a backup is about to begin dialog box that is supposed to be displayed on the client before a backup starts. (In all the years I have been using Retrospect I have never seen this dialog actually appear on my Windows XP, 7 or 8.x clients.) Share this post Link to post Share on other sites
TERRYRICKETTS 8 Report post Posted November 19, 2014 VirusTotal - Results.pdf We checked the file 'cntdown.exe' with 50 different antivirus programs. of them only Symantec flagged the file as a virus. See the attached file Share this post Link to post Share on other sites
Mayoff 124 Report post Posted November 21, 2014 The is a false positive. We have reproduced this and reported it to Symantec. Share this post Link to post Share on other sites
brian9549 0 Report post Posted December 29, 2014 Any response from Symantec? I just installed 9.5 today and am seeing this on every client. Share this post Link to post Share on other sites