
Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sat Mar 30, 2013 7:30 am
by cmonster
Hey guys, I've been happily using UMS forever so this is more of a concern than a complaint.

I just upgraded to 2.6.0 and Norton flagged mplayer.exe as having the suspicious.emit trojan. This is the first time I've ever had a UMS install cause any type of security flag. Can anyone help look into this? Better safe than sorry.

Thanks!

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sat Mar 30, 2013 7:32 am
by cmonster
I just tried the installation on a different computer and it got flagged there too.

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sat Mar 30, 2013 11:16 am
by Optimus_prime
Trend Micro didn't find anything on my PC. Also, Spybot didn't flag it either. I think it's a false positive and nothing to worry about.

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 1:39 am
by john3voltas
Darned!
I didn't check in the general forum and went posting in the support forum instead of looking here first...
I just posted the same thing. I am not using Norton, I am using the corporate product named Symantec (both from the same company).
viewtopic.php?f=9&t=773
Cheers

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 2:44 am
by jdecape
I already submitted it as an FP to Symantec, after I restored mplayer.exe and removed it from future scans. Got the response today that the next def set would fix the FP. The consumer product and enterprise product use the same AV engine (and other malware engines, IPS/SONAR). This was an FP caught by the heuristics, so it was an FP not in the hash-based AV engine.

As a note, all of you could have done the same: https://submit.symantec.com/false_positive/

And the coders of UMS can submit for whitelisting as well: https://submit.symantec.com/whitelist/

Anyway, should be a non issue.

Cheers.

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 4:01 am
by john3voltas
Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 4:39 am
by cmonster
john3voltas wrote:
Thanks jdecape.
Three questions remain, though:
1-are we really-really sure it is a false positive?
2-why did the AV catch mplayer.exe that comes with UMS but then it didn't catch the stock mplayer.exe that can be downloaded on mplayerhq.hu website?
3-am I missing anything by running the stock mplayer.exe instead of the mplayer.exe that comes with UMS?
TIA
Cheers

I'm not 100% convinced (yet). Could you check the mplayer that you downloaded to see if it's the same version? Also, could you do a manual scan of each file to see if there are any discrepancies?

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 4:54 am
by john3voltas
I can't.
Symantec quarantined the mplayer.exe that comes with UMS and I can't get it out of there to run it.
Every time I try, it grabs the file and puts it back in the quarantine folder again.
Quarantined files can't be used, so I can't run it from the quarantine folder either.
My stock mplayer.exe is

MPlayer Redxii-SVN-r36089-4.6.3 (C) 2000-2013 MPlayer Team

Also, Symantec doesn't have an option to test a single file or folder. Lame...

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 9:47 am
by cmonster
You may need to temporarily disable auto-protect in order to hold onto the file for a bit. I don't know what version of Symantec you're running but you may be able to right-click on the file and pick virusscan from the menu.

Re: Norton finds trojan in version 2.6.0's mplayer.exe

Posted: Sun Mar 31, 2013 10:17 am
by john3voltas
As I said, this version of SEP (Symantec Endpoint Protection) doesn't have a "right-click scan this file". Kinda lame imo.
As for disabling SEP and accessing the file, even though I disable all SEP services it seems that it is still running, because when I try to access the file it still pops up saying it found a threat.
I just can't seem to stop SEP completely...
Cheers