Bug 117224

Summary: CheckPoint EndPoint Security quarantines SImpress.exe and SBase.exe due to icon
Product: LibreOffice Reporter: Philipp Gühring <philipp.guehring>
Component: ImpressAssignee: Not Assigned <libreoffice-bugs>
Status: RESOLVED NOTOURBUG    
Severity: normal CC: ilmari.lauhakangas
Priority: medium    
Version: 6.0.3.2 release   
Hardware: All   
OS: Windows (All)   
Whiteboard:
Crash report or crash signature: Regression By:

Description Philipp Gühring 2018-04-25 08:42:44 UTC 
Description:
CheckPoint EndPoint Security quarantines the EXE files of LibreOffice due to icons that look similar to Microsoft Word that are contained in the files.


Steps to Reproduce:
1. Get Access to CheckPoint Endpoint Security
2. Install LibreOffice
3. Wait until it is detected

Actual Results:  
CheckPoint does a PopUp that says that SImpress.exe was found and quarantined

Expected Results:
It should not be quarantined and should be useable instead.


Reproducible: Sometimes


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; UGIS_AT; rv:11.0) like Gecko
Comment 1 Buovjaga 2018-05-14 17:35:53 UTC 
(In reply to Philipp Gühring from comment #0)
> Description:
> CheckPoint EndPoint Security quarantines the EXE files of LibreOffice due to
> icons that look similar to Microsoft Word that are contained in the files.

How do you know the icons are the reason?
Comment 2 Philipp Gühring 2018-05-15 07:22:19 UTC 
The "Malware Report" says: "Suspicious activity observed ( Looks like a known icon: office2013_wordicon (14_204:12) )"
Comment 3 Buovjaga 2018-05-15 07:32:37 UTC 
Ok, so report it as a false positive to CheckPoint.