Spotty.exe (Helper for Squeezebox) new spotify protocol detected as virus

Hi, I need to install a new way to stream Spotify to my Squeezebox players due to changes that Spotify is implementing.

There is a solution that consists of installing a plugin from a third party. The plugin runs OK on Linux, but on Windows my Sophos Endpoint says it is a virus.

This is the message I receive:

20170724 010917 On-access scanner has denied access to location "C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe"
20170724 010917 File "C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe" belongs to virus/spyware 'Mal/EncPk-ZC'.

This is the version I'm running:

Endpoint security and control = 11.0.11 UTM
Support reference = 1.0.462

I would appreciate your help verifying whether the file is definitely a virus or whether this is a false positive.

Thanks very much in advance for your help



  • I have this same problem. It has also been submitted to Sophos as a false positive by Michael Herger (user mherger), who supports this exe file, but it is still detected as false positive.

    On 1st September 2017...

    Malware cleaned up: 'Mal/EncPk-ZC' at 'C:\Users\Robert\Downloads\Spotty\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe'

    There seems to be no way around this!

    Any help appreciated.

  • Well in the meantime, you could make a file exclusion for spotty.exe or probably more secure, include the full path, i.e.:
    C:\Users\Robert\Downloads\Spotty\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe

    This is assuming it is a false positive.  

    Uploading the file/hash to https://www.virustotal.com/#/home/upload might give you some confidence if it is or isn't.  You may need to disable on-access scanning or make the file exclusion in order to make the submission.

     

     

  • jak said:

    Well in the meantime, you could make a file exclusion for spotty.exe or probably more secure, include the full path, i.e.:
    C:\Users\Robert\Downloads\Spotty\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe

    This is assuming it is a false positive.  

    Uploading the file/hash to https://www.virustotal.com/#/home/upload might give you some confidence if it is or isn't.  You may need to disable on-access scanning or make the file exclusion in order to make the submission.

    I have already tried making file exclusions for both spotty.exe and C:\Users\Robert\Downloads\Spotty\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe 

    Neither exclusion prevents Sophos from removing spotty.exe so I will submit the file and hopefully you will be able to whitelist it or otherwise prevent Sophos from removing it.

     

    Many thanks

  • jak said:

    Well in the meantime, you could make a file exclusion for spotty.exe or probably more secure, include the full path, i.e.:
    C:\Users\Robert\Downloads\Spotty\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe

    This is assuming it is a false positive.  

    Uploading the file/hash to https://www.virustotal.com/#/home/upload might give you some confidence if it is or isn't.  You may need to disable on-access scanning or make the file exclusion in order to make the submission.

    I uploaded the file to VirusTotal and 60 out of 62 antivirus engines found it to be clean. Is there any way I can submit the file to Sophos so it can be excluded from detection as a positive?

     

    Thank you
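
Added example, not part of the original thread and not Sophos tooling: a Python parser for the two on-access log line shapes quoted in the first post, used to check whether a file is still being detected after an exclusion was configured (the situation described in the replies). The regexes are inferred from those two quoted lines only; the function names and the third sample line are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Line shapes inferred from the two log lines quoted in the thread (an assumption):
#   YYYYMMDD HHMMSS On-access scanner has denied access to location "<path>"
#   YYYYMMDD HHMMSS File "<path>" belongs to virus/spyware '<name>'.
PATTERNS = {
    "denied": re.compile(r'^(?P<ts>\d{8} \d{6}) On-access scanner has denied '
                         r'access to location "(?P<path>[^"]+)"$'),
    "detected": re.compile(r'^(?P<ts>\d{8} \d{6}) File "(?P<path>[^"]+)" '
                           r"belongs to virus/spyware '(?P<name>[^']+)'\.$"),
}

def parse_log(lines):
    """Return one dict per recognised line: kind, time, path (+ name if detected)."""
    events = []
    for line in lines:
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if m:
                ev = m.groupdict()
                ev["kind"] = kind
                ev["time"] = datetime.strptime(ev.pop("ts"), "%Y%m%d %H%M%S")
                events.append(ev)
    return events

def detections_after(events, path, since):
    """Detections of `path` logged after `since` (e.g. when an exclusion was added)."""
    want = path.lower()  # Windows paths compare case-insensitively
    return [e for e in events if e["kind"] == "detected"
            and e["path"].lower() == want and e["time"] > since]

def summarise(events):
    """Count detections per (lower-cased path, detection name)."""
    return Counter((e["path"].lower(), e["name"])
                   for e in events if e["kind"] == "detected")

SPOTTY = (r"C:\ProgramData\Squeezebox\Cache\InstalledPlugins\Plugins"
          r"\Spotty\Bin\MSWin32-x86-multi-thread\spotty.exe")
DETECTED = "{ts} File \"{path}\" belongs to virus/spyware 'Mal/EncPk-ZC'."
SAMPLE = [  # first two lines are quoted in the thread; the third is constructed
    '20170724 010917 On-access scanner has denied access to location "%s"' % SPOTTY,
    DETECTED.format(ts="20170724 010917", path=SPOTTY),
    DETECTED.format(ts="20170725 090000", path=SPOTTY.upper()),
]

if __name__ == "__main__":
    print(summarise(parse_log(SAMPLE)))
```

A non-empty result from `detections_after` for a time later than the exclusion change shows the exclusion is not matching the path the scanner actually logs.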
