Symantec Endpoint Protection Produces False Positive

The information in this article applies to:

  • Prism Deploy
  • Prism Suite
This article is to assist users of Prism products that have experienced false positives with anti-virus solutions such as Symantec Endpoint Protection (SEP). Occasionally, Heuristic Scanning from Symantec Endpoint Protection will identify Prism Packages (.pwc), Prism Rollback (.pwr), or Self-Installing Files (.exe) (executable wrapped Prism Package) as Suspicious.emit.

New Boundary Technologies has performed rigorous malware scanning and testing against all of our product files and package files and have not found any anomalies. Symantec’s identification is therefore a false positive.

New Boundary Technologies is working with Symantec to find a resolution to this issue, until then we recommend that you follow this article.

Recommendations to minimize false positives with Symantec Endpoint Protection and other similar anti-virus applications

New Boundary Technologies recommends that you create an Exception Policy or add to an existing Exception Policy within Symantec Endpoint Protection for Prism Suite, Prism Deploy or Prism Deploy Packager executable and service files, as well as folder structures related to Prism Suite or Prism Deploy.

Folder structures that should have exceptions created for them are:
C:\program files\New Boundary
C:\program files\common files\New Boundary
C:\ProgramData\Prism Deploy

C:\Program Files (x86)\New Boundary
C:\Program Files (x86)\Common Files\New Boundary
C:\ProgramData\Prism Deploy

The following application and service files for Prism products (along with their paths) should have exceptions made for them:
C:\Program Files\New Boundary\Client\PTClient.exe (32-bit)
C:\Program Files\Common Files\New Boundary\PrismXL\PrismXL.sys (32-bit)

C:\Program Files (x86)\New Boundary\Client\PTClient.exe (64-bit)
C:\Program Files (x86)\Common Files\New Boundary\PrismXL\PrismXL.sys (64-bit)

Optional: The following proprietary file types created by Prism products can also be exempted in Symantec:​
.PWC (software deployment package file)
.PWR (software deployment rollback file)
.PWI (package “snapshot” definition file)
.PWF (package “snapshot” file)
.PWSUBS (Prism client subscription file)
.PTS (Prism script file

After creating or modifying your Exception Policy (Symantec Endpoint Protection) to include Prism-related information, ensure that the policy is then applied to all workstations or servers where Prism (product) files may exist.​