Elasticsearch, APM Server, Metricbeat 6.5.1 and Symantec WS.Reputation.1


(Behnam B) #1

The newest version of Elasticsearch, APM Server, and Metricbeat (v 6.5.1) causes Symantec to issue a WS.Reputation.1 and quarantine/delete the following .exe files:

path\to\elasticsearch-6.5.1\modules\x-pack-ml\platform\windows-x86_64\bin\controller.exe
path\to\apm-server-6.5.1\apm-server.exe
path\to\metricbeat-6.5.1\metricbeat.exe

The Symantec configurations are locked by our central security admin, so I cannot turn off Insight or exclude these folders from being scanned. Are there any other options? Are there plans to add these to Norton's trusted list?


(David Turner) #2

Thanks for letting us know. I've raised this with the wider team. Unfortunately false positives are a fact of life with this kind of security tool. I'm not sure what the next steps will be at this stage.