Ranorex Studio RUN - Symantec Conflict SONAR.Heuristick.155
Posted: Thu Dec 01, 2016 5:35 pm
SUMMARY: This may affect other customers. That is why I am posting this. We are currently running Ranorex Studio 6.1.1 on a Windows 7 (SP1) machine using Internet Explorer 11 for the web app we are testing. This machine also uses Symantec Endpoint Protection v12.1.1101.401 as its anti-virus software. This morning, after running a LiveUpdate from within Symantec, we could no longer run individual scripts from within Ranorex Studio, i.e., we'd open an existing script (.rxrec) and click RUN. When it would try to launch, we'd get a blank Symantec popup. We later discovered this was due to Symantec detecting SONAR.Heuristick.155 as a live threat. We've never seen this problem before. It only started to occur this morning.
In this case, it was a false positive. Symantec interpreted something Ranorex does (i.e., when it tries to run a script) as a SONAR.Heuristick.155 detection. As a result, Symantec would disallow Ranorex to proceed with the net result being the total loss of ability to run a Ranorex script ever again on the machine. That is . . . until we performed below-stated workaround.
WORKAROUND: In the Symantec ‘Proactive Thread Protection’ section, needed to add SONAR.Heuristick.155 as an excluded item. Attached are a few screenshots of the process we used to add this exclusion (within Symantec).
In this case, it was a false positive. Symantec interpreted something Ranorex does (i.e., when it tries to run a script) as a SONAR.Heuristick.155 detection. As a result, Symantec would disallow Ranorex to proceed with the net result being the total loss of ability to run a Ranorex script ever again on the machine. That is . . . until we performed below-stated workaround.
WORKAROUND: In the Symantec ‘Proactive Thread Protection’ section, needed to add SONAR.Heuristick.155 as an excluded item. Attached are a few screenshots of the process we used to add this exclusion (within Symantec).