IBM Support

IBM Security Guardium's Windows S-TAPs may cause anti-virus false positive alerts

Question & Answer


Question

Why is my anti-virus alerting after unzipping Windows S-TAP files?

Answer

IBM Security Guardium has recently learned that certain anti-virus programs may alert against Windows S-TAP files.

Windows S-TAP version v10.22.24.14 was removed from Fix Central on January 26, 2017 after previously being available to customers. The zip was taken down as a precaution after IBM found that Symantec Endpoint heuristic detection was flagging the file svcTRC.exe as malware. The actions that svcTRC.exe performs fit a pattern similar to that of some malicious programs, which is why the file is being flagged. The same Windows S-TAP version v10.22.24.14 that was previously on Fix Central will be available again on Fix Central today.

IBM is working with anti-virus vendors to make sure these files are put on an allowlist to prevent such alerts.


Document Information

Modified date:
16 June 2018

UID

swg21997931