The installers produced by NetBeans 6.9 are considered to be suspicious by SONAR of Norton Antivirus (at least by the 2010 version) and are therefore prevented from running and deleted/quarantined. While this is not a bug in NB code, it makes the installers pretty much unusable for any developer whose customers/users might have Norton Antivirus installed (not an insignificant portion of people out there). Symantec allows reporting false positives at https://submit.symantec.com/dispute/false_positive/. However, this requires reporting every single installer separately (most likely even different builds). It would be good to submit a generic NB installer instead.
So what actions are expected from the installer team? The stub is available at the following locations (same code, different icon):

http://hg.netbeans.org/main/raw-file/tip/nbi/engine/native/launcher/windows/dist/nlw.exe
http://hg.netbeans.org/main/raw-file/tip/installer/engine/branding/jdk/src/native/launcher/windows/nlw.exe

Are those files treated as suspicious by SONAR? If so, could you please report it to Symantec yourself? Unfortunately I don't have Norton Antivirus installed, nor can I install it due to company security rules. Or I can file it myself if you provide the following info:

1. Are they treated as Malware (e.g. virus, Trojan) or Security Risk (e.g. spyware, adware)
2. What is the name of detection given by Symantec product
3. Screenshot of the detection

Thanks, Dmitry
It seems it only happens to the installer in 6.9 Beta (i.e. the exe file). I just tried the new installer in the 201005101712 Build (the vb script) and everything worked fine. Similarly, the files you provided work. For completeness I provide the info for the installer from 6.9 Beta:

1) It just says it was acting suspiciously
2) It is SONAR from Norton Antivirus 2010 (http://en.wikipedia.org/wiki/SONAR_%28Symantec%29)
3) Screenshot of the detection attached
Created attachment 98896: screenshot of Norton Antivirus treatment of the installer created by NB 6.
BTW the statement "You chose to block and remove it" in the screenshot is kind of misleading. Norton removed it automatically. This behavior can be changed, but by default the removal is automatic. Anyway, I think this bug can be closed, unless you are planning to go back to the exe installers.
> I just tried the new installer in the 201005101712 Build (the vb script)

We are not distributing nor creating .vb installers! Where have you got that? We are still going with .exe installers for Windows anyway. PS. Don't you have viruses on your computer?
Can it be the case that the suspicious code belongs to your suite's project? Is the issue reproducible with some default suite project created?
*** Bug 186543 has been marked as a duplicate of this bug. ***
It happened in yesterday's nightly build also.
I've submitted the info to Symantec using "false_positive" page but haven't got the confirmation yet. Still waiting for it.
I've submitted another false positive report on 26.05.2010 but again got no confirmation.
I am sorry, I did not realize there are two installer projects for NB applications. The installer with a vb script is part of NetbeansSuiteInstallerBuilder (I thought you switched from exe to vbs). I get the problem even with a minimal application (only Bootstrap, Startup, Filesystem API, Module System API, Utilities API modules) in NB 6.9 RC1. Is there anything else I can do? I think they treat Platinum/Gold Members in a quicker more friendly way, doesn't Oracle have the membership?
> Is there anything else I can do?

Thanks for eagerness... but not in this case :()

> I think they treat Platinum/Gold Members in a quicker more friendly way, doesn't Oracle have the membership?

Not sure about that but we'll try to find it out.
I also filed a report. If you ignore the Norton warning, NB will install, but the install program then gets deleted.
TO jarome: It is possible to run the installer with Norton on the computer: you can temporarily disable SONAR OR exclude the installer's directory from the scan OR just run it and then ask Norton to undo the quarantine. However, this is something WE can do, but we cannot ask our USERS to do it.
Hi, Also F-Secure Client Security reports NB 6.9 RC1 (and RC2) as 'malware':

Scanning Report
03 June 2010 09:19:09 - 09:30:53
Result: 2 malware found
Trojan-Dropper.Win32.Bototer.no (virus)
* D:\Java\NetBeans 6.9 RC1\uninstall.exe\native\launcher\windows\nlw.exe
* D:\Java\NetBeans 6.9 RC1\harness\modules\ext\nbi-engine.jar\native\launcher\windows\nlw.exe
6.9RC2 worked with no alarm from Norton.
Microsoft Security Essentials didn't report anything. NetBeans 6.8 didn't have this problem. Why does 6.9 have it?!?
puppala, likely at NB 6.8 release time this "virus" signature didn't exist. Does the current F-Secure Client Security detect NB 6.8 as malware?
dlipin, no it doesn't, 6.8 is "clean". Is it so, that this nlw.exe didn't exist in previous NB versions? 6.9 has copied it in many places, F-Secure complains about all of these:

\NetBeans 6.9 RC1\uninstall.exe\native\launcher\windows\nlw.exe
\NetBeans 6.9 RC1\harness\modules\ext\nbi-engine.jar\native\launcher\windows\nlw.exe
\glassfish-3.0.1-b19\uninstall.exe\native\launcher\windows\nlw.exe
\Apache Software Foundation\Apache Tomcat 6.0.26\uninstall.exe\native\launcher\windows\nlw.exe
netbeans-6.9rc2-ml-java-windows.exe\native\launcher\windows\nlw.exe
netbeans-6.9rc1-ml-java-windows.exe\native\launcher\windows\nlw.exe

So why is this new uninstaller different than the previous one?
> Is it so, that this nlw.exe didn't exist in previous NB versions ?

No, it exists starting with version 6.0.

> So why is this new uninstaller different, than previous ?

We have had a few bug fixes in nlw.exe during the last months/years, that is why it differs from release to release. Could you please check which of the following files F-Secure does not complain about and which it does complain about?

http://hg.netbeans.org/main/raw-file/96b9643206f0/nbi/engine/native/launcher/windows/dist/nlw.exe
http://hg.netbeans.org/main/raw-file/1f60304c703f/nbi/engine/native/launcher/windows/dist/nlw.exe
http://hg.netbeans.org/main/raw-file/f5b0c547d5f7/nbi/engine/native/launcher/windows/dist/nlw.exe
http://hg.netbeans.org/main/raw-file/7cd87ce4dcdc/nbi/engine/native/launcher/windows/dist/nlw.exe
http://hg.netbeans.org/main/raw-file/99fb1ac270aa/nbi/engine/native/launcher/windows/dist/nlw.exe

Thanks in advance.
Hmm. It didn't complain about any of those !?
In fact, this morning F-Secure doesn't complain about any of my 6.9 installations, RC1 nor RC2!? Yesterday I sent this "nbi-engine.jar" file to F-Secure as a sample. Can they be this quick to update their virus database ... suppose they have to be!? Consider this resolved. :-)
Created attachment 99807: engine with a bunch of nlw.exe

Probably it complains when nlw.exe is in archive? Could you please check F-Secure complains about any files in the attached one?
(In reply to comment #23)
> Created an attachment (id=99807)
> engine with a bunch of nlw.exe
>
> Probably it complains when nlw.exe is in archive?
> Could you please check F-Secure complains about any files in the attached one?

As I said, F-Secure doesn't complain any more about this nlw.exe, no matter archived or plain. :-)
jarome, jirka_x1, could you please check whether Norton's SONAR complains about that bunch of nlw.exe files?

http://netbeans.org/bugzilla/show_bug.cgi?id=185095#c20
http://netbeans.org/bugzilla/attachment.cgi?id=99807
I suspect that Norton fixed its signatures since rc2 generated no warnings on 2 different machines.
jarome, puppala, thanks! Great to hear that! Closing as works for me at this moment.
http://hg.netbeans.org/main/raw-file/99fb1ac270aa/nbi/engine/native/launcher/windows/dist/nlw.exe triggered Norton on one machine, but not on another. The others were OK.
Were the virus databases in sync on those systems? This file (at the link you mentioned) is 13 months old, and corresponds to the 6.7 release. Theoretically all the rest of the files in my comment #20 should be complained about as well... since the first one is used in 6.9 RC builds. Mystery.
After updating Norton, all exe files in native\launcher\windows passed. (Before the update, nlw[1-5].exe passed, but nlw.exe triggered a warning). Great! Thanks a lot for fixing this!
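
Added example, not part of the original thread and not NetBeans or vendor code: the scan reports above list `nlw.exe` under several archive paths, and the thread notes that false positives have to be reported per file. This sketch groups stub copies found inside jar/zip archives by SHA-256, so each distinct stub build is checked and reported once; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

STUB_SUFFIX = "native/launcher/windows/nlw.exe"  # member path from the scan report

def stub_digests(archive_bytes, label, depth=2):
    """Yield (location, sha256) for every launcher stub in a zip/jar,
    descending into nested archives up to `depth` levels."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for name in zf.namelist():
            data = zf.read(name)
            where = f"{label}!{name}"
            if name.replace("\\", "/").endswith(STUB_SUFFIX):
                yield where, hashlib.sha256(data).hexdigest()
            elif depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
                yield from stub_digests(data, where, depth - 1)

def group_by_digest(archives):
    """Map sha256 -> sorted locations, so each distinct stub build is
    examined (and reported to a vendor) once."""
    groups = defaultdict(list)
    for label, blob in archives.items():
        for where, digest in stub_digests(blob, label):
            groups[digest].append(where)
    return {d: sorted(w) for d, w in groups.items()}

def make_zip(members):
    """Build an in-memory archive (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed sample data: placeholder bytes stand in for two stub builds.
STUB_A, STUB_B = b"MZ stub build A", b"MZ stub build B"
engine = make_zip({STUB_SUFFIX: STUB_A, "org/Engine.class": b"\xca\xfe"})
SAMPLE = {
    "nbi-engine.jar": engine,
    "installer.zip": make_zip({"harness/modules/ext/nbi-engine.jar": engine,
                               STUB_SUFFIX: STUB_B}),
}

if __name__ == "__main__":
    for digest, places in group_by_digest(SAMPLE).items():
        print(digest[:16], len(places), *places, sep="\n  ")
```

Two locations sharing a digest carry the same stub build, so a detection on one and not the other points at scanner state (such as definition versions) rather than at the file.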