
Spotty.exe (Helper for Squeezebox) new Spotify protocol detected as virus

Hi, I need to install a new way to stream Spotify to my Squeezebox players due to changes that Spotify is implementing.

There is a solution that consists of installing a plugin from a third party; the plugin runs OK on Linux, but on Windows my Sophos Endpoint says it is a virus.

This is the message I receive:

20170724 010917 On-access scanner has denied access to location "C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe"
20170724 010917 File "C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe" belongs to virus/spyware 'Mal/EncPk-ZC'.

 

 

This is the version I'm running:

Endpoint security and control = 11.0.11 UTM
Support reference = 1.0.462

 

Appreciate your help to verify if the file is definitely a virus and/or this is a false positive.

 

Thanks very much in advance for your help



This thread was automatically locked due to age.
  • Hi,

    There are a few things you can do from here:

    Submit a sample of the file (C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe) to SophosLabs. https://community.sophos.com/kb/en-us/11490. You will get a response advising if this is/isn't a false positive.  If it is a false positive the detection data will be updated and you're fixed.

    This process shouldn't take long.

    If you want/need to do something in the short term you could:

    Upload the file to https://www.virustotal.com/; if the consensus is that the file is safe, you could make an exclusion in SAV for the file.

    This could be the full path:
    C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe
    or just
    spotty.exe 

    The first being more secure/specific.

    Once the Labs have updated the detection you can remove the exclusion.

    Obviously making the exclusion before SophosLabs has given you feedback carries some risk but this could be mitigated by the VirusTotal scan.  

    I hope this helps you make a decision.

    Regards,

    Jak
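An added example, not part of Jak's reply and not Sophos code: a simplified model of the two exclusion forms above that lists which files each one would cover. The matching rules (a name-only entry matches that file name in any folder, a full-path entry matches one file), the function names and the sample paths other than the spotty.exe path are assumptions constructed for illustration; the product's documentation defines its actual exclusion semantics.

```python
from pathlib import PureWindowsPath

# The two exclusion forms from the reply above.
FULL_PATH_RULE = (r"C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins"
                  r"\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe")
NAME_ONLY_RULE = "spotty.exe"

# Constructed sample paths a scanner might be asked about.
SAMPLE_PATHS = [
    FULL_PATH_RULE,                              # the plugin helper itself
    r"C:\Users\Public\Downloads\spotty.exe",     # same name, unrelated folder
    FULL_PATH_RULE.lower(),                      # same file, different case
    str(PureWindowsPath(FULL_PATH_RULE).with_name("other.exe")),  # sibling file
]


def is_name_only(rule):
    """True when the rule has no drive or directory component."""
    p = PureWindowsPath(rule)
    return not p.drive and len(p.parts) == 1


def rule_covers(rule, path):
    """Assumed model: name-only rules match on file name in any folder,
    full-path rules match exactly one path. Windows paths compare
    case-insensitively, which PureWindowsPath equality implements."""
    r, p = PureWindowsPath(rule), PureWindowsPath(path)
    if is_name_only(rule):
        return r.name.lower() == p.name.lower()
    return r == p


def audit(rules, paths):
    """Return {rule: (name_only, [covered paths])} for review."""
    return {
        rule: (is_name_only(rule), [p for p in paths if rule_covers(rule, p)])
        for rule in rules
    }


if __name__ == "__main__":
    for rule, (broad, covered) in audit(
            [FULL_PATH_RULE, NAME_ONLY_RULE], SAMPLE_PATHS).items():
        label = "NAME-ONLY (broad)" if broad else "full path"
        print(f"{label}: {rule}")
        for path in covered:
            print(f"    excludes {path}")
```

Under this model the name-only entry also excludes the copy in the unrelated folder, while the full-path entry excludes only the plugin's own file.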

  • Hi Jak, thanks for the info.

     

    I did the check on VirusTotal and it shows that Sophos is detecting it as a virus (see the report attached).

    I tried to add the exception to the path and the file and Sophos keeps deleting it.

     

    Appreciate your help on what other steps I should take.

     

    Thanks in advance for your kind help.

     

    Cheers

    Spotty scan at Virustotal.pdf

     

  • Given that report, I think I would stop the SAVService and send the file to Sophos Labs using the form I previously mentioned.

    Labs should fix this pretty quickly given the sample.

    Regards,

    Jak

  • Hi, sorry for the late reply.

     

    I did upload to Sophos using the form but no news yet.

     

    Is there something else I can do?

     

    Thanks in advance for your help.

     

    Cheers
