Elasticsearch, APM Server, Metricbeat 6.5.1 and Symantec WS.Reputation.1

The newest version of Elasticsearch, APM Server, and Metricbeat (v 6.5.1) causes Symantec to issue a WS.Reputation.1 and quarantine/delete the following .exe files:

path\to\elasticsearch-6.5.1\modules\x-pack-ml\platform\windows-x86_64\bin\controller.exe
path\to\apm-server-6.5.1\apm-server.exe
path\to\metricbeat-6.5.1\metricbeat.exe

The symantec configurations are locked by our central security admin so I can not turn off Insight or exclude these folders from being scanned. Are there any other options? Is there plans to add these to Norton's trusted list?

Thanks for letting us know. I've raised this with the wider team. Unfortunately false positives are a fact of life with this kind of security tool. I'm not sure what the next steps will be at this stage.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.