Bug 117224 - CheckPoint EndPoint Security quarantines SImpress.exe and SBase.exe due to icon
Summary: CheckPoint EndPoint Security quarantines SImpress.exe and SBase.exe due to icon
Status: RESOLVED NOTOURBUG
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Impress (show other bugs)
Version:
(earliest affected)
6.0.3.2 release
Hardware: All Windows (All)
: medium normal
Assignee: Not Assigned
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-04-25 08:42 UTC by Philipp Gühring
Modified: 2018-05-15 07:32 UTC (History)
1 user (show)

See Also:
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Gühring 2018-04-25 08:42:44 UTC 
Description:
CheckPoint EndPoint Security quarantines the EXE files of LibreOffice due to icons that look similar to Microsoft Word that are contained in the files.


Steps to Reproduce:
1. Get Access to CheckPoint Endpoint Security
2. Install LibreOffice
3. Wait until it is detected

Actual Results:  
CheckPoint does a PopUp that says that SImpress.exe was found and quarantined

Expected Results:
It should not be quarantined and should be useable instead.


Reproducible: Sometimes


User Profile Reset: No



Additional Info:


User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; UGIS_AT; rv:11.0) like Gecko
Comment 1 Buovjaga 2018-05-14 17:35:53 UTC 
(In reply to Philipp Gühring from comment #0)
> Description:
> CheckPoint EndPoint Security quarantines the EXE files of LibreOffice due to
> icons that look similar to Microsoft Word that are contained in the files.

How do you know the icons are the reason?
Comment 2 Philipp Gühring 2018-05-15 07:22:19 UTC 
The "Malware Report" says: "Suspicious activity observed ( Looks like a known icon: office2013_wordicon (14_204:12) )"
Comment 3 Buovjaga 2018-05-15 07:32:37 UTC 
Ok, so report it as a false positive to CheckPoint.