Elasticsearch, APM Server, Metricbeat 6.5.1 and Symantec WS.Reputation.1

Behnam_B · November 22, 2018, 6:37pm

The newest version of Elasticsearch, APM Server, and Metricbeat (v 6.5.1) causes Symantec to issue a WS.Reputation.1 and quarantine/delete the following .exe files:

path\to\elasticsearch-6.5.1\modules\x-pack-ml\platform\windows-x86_64\bin\controller.exe
path\to\apm-server-6.5.1\apm-server.exe
path\to\metricbeat-6.5.1\metricbeat.exe

The symantec configurations are locked by our central security admin so I can not turn off Insight or exclude these folders from being scanned. Are there any other options? Is there plans to add these to Norton's trusted list?

DavidTurner · November 23, 2018, 9:39am

Thanks for letting us know. I've raised this with the wider team. Unfortunately false positives are a fact of life with this kind of security tool. I'm not sure what the next steps will be at this stage.

system · December 21, 2018, 9:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cannot run APM Server with fresh installation on Windows 10 APM server	3	974	May 24, 2020
Elastic Stack 7.5.0 security update Security Announcements	1	6868	December 30, 2019
Question about installing APM server on Windows Platform APM server	6	626	September 8, 2021
Metricbeat doesn't communicate with Elasticsearch Beats elastic-stack-monitoring , elastic-stack-security , metricbeat	2	1367	December 18, 2020
Elastic Certified Observaibility Trainning Course - Lab 8.2 & 8.3 Elastic Training	6	368	August 10, 2023

Elasticsearch, APM Server, Metricbeat 6.5.1 and Symantec WS.Reputation.1

Related topics