Datto EDR flagging libEcNet.so
I am running BitDefender on a Linux Server used for VPN only. I recently installed BitDefender on it as a test case and Datto EDR is flagging /opt/bitdefender-security-tools/var/lib/modules/guster/guster_2/ecnet/libEcNet.so as a malicious file. I downloaded the file and uploaded it to VirusTotal, and it also flagged it as malicious (VirusTotal - File - a89cca1f45f3ce0d3ef3060b1a2f9b11a84f2952a0d9fe61979feef77ed4c60d).
This is a new install and I do not believe this is a true malicious file, but I have not had much luck finding any additional information on it. Just an FYI, when I downloaded the file onto my Windows machine for upload to VirusTotal, Windows Defender also flagged it as malicious.
Anybody experience a similar issue?
Comments
-
Hello.
Since you need help with a business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.
Also, you can always contact the Bitdefender business support:
Regards.
0 -
Well, according to the VirusTotal link, if one or two vendors might have detected the file as malicious, then it may have been incorrectly detected. However, when you see Norton, Avast, TrendMicro, ESET, Avira, Microsoft, McAfee, etc., detecting the file as malicious, then there is no way that the file is not malicious. Soon, Bitdefender results will also be updated on VirusTotal.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
0 -
Hello @Yancey ,
Any time you are in doubt about a file, you can submit it directly to our labs team and they will analyze it and determine whether it is a false positive or the file is malicious.
The file submission form is available here: https://www.bitdefender.com/business/submit.html
Kind Regards
0 -
I follow you but this is actually a file installed by Bitdefender for Linux. If it is in fact malicious, then there is a bigger issue at play. The full file path is /opt/bitdefender-security-tools/var/lib/modules/guster/guster_2/ecnet/libEcNet.so
It is not being flagged by Bitdefender, but by DattoRMM. I just need Bitdefender to explain what it is and if it is legit or not.
0 -
See my above response. It is a file installed by BitDefender for Linux. I will submit it, but I will have to do so from a system that does not flag it.
0 -
It has been submitted.
0 -
I submitted the file four days ago. How long does it normally take to get a status update?
0 -
Hello @Yancey ,
I reached out to our Antimalware team and they removed the detection today. The file should no longer be detected by our engines.
Kind Regards!
0 -
It is NOT detected by your engines; it is detected by others as malicious. See my VirusTotal link above. My initial query was because DattoEDR is flagging it as malicious because of the VirusTotal results.
0 -
Hello @Yancey,
Sorry for the confusion, I checked the case that you have opened with our support where another file was submitted to our labs team for review.
As for the libEcNet.so file detection, this file is not malicious and it's an integral part of our product. It is a known problem that some other vendors flag this file as malicious, even though those detections are false positives.
Our antimalware team is taking additional measures so that this file will not be flagged, or will be flagged less, by other vendors in the future.
Kind Regards,
1 -
I also got in touch with the other antimalware vendors that flag the file as malicious. I got a response back from ESET, Avast & AVG, and they have successfully removed the detection, as you can check at the VirusTotal link below:
https://www.virustotal.com/gui/file/a89cca1f45f3ce0d3ef3060b1a2f9b11a84f2952a0d9fe61979feef77ed4c60d?nocache=1
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
Thank you, I appreciate your diligence in this. I will mark it as an exception in DattoEDR.
1 -
To provide an update, I have received confirmation from Norton/Symantec & Dr.Web that they have also removed the detection, and the same can be seen on the VirusTotal link.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1