[rkward-users] [Help] RE: Symatec Endpoint Protection false postive

[SourceForge.net]

The following forum message was posted by tfry at http://sourceforge.net/projects/rkward/forums/forum/165574/topic/4524490:

[quote]I get a false positive warning (Suspicous.AD) on starting
RKWard.[/quote]

Does the virus scanner mention which file(s) exactly it thinks to be suspicious?
On starting RKWard several binaries are started, including some from KDE.

[quote]I started tpo keep getting repeated false postives on some
tmp files.[/quote]

Again, can you name one or two of these?

[quote]Is there something really installed when using the RKWard installer?
Or it just a directrory and only when starting RKWard there some services are
started?[/quote]

You are talking about the "installation bundle" (with KDE, R, and RKWard in
one)? Yes an no. This is really just a self-extracting archive, "installing"
it simply unpacks it, nothing else. (In fact, you can even copy the whole
installation to a USB-key, and use it on a different machine). However, when
starting RKWard, some KDE services are started, indeed. I'd have to check, which
ones exactly, but two processes which will remain active even after quitting
RKWard are dbus and knotify4 from KDE. To get rid of those, you can run
[code]kdeinit4.exe --terminate[/code]
from the command line.

On the first start, KDE will also create a hidden directory ".kde" inside your
user account's "AppData" folder, where it stores various configuration related
items, but also some temporary files. Further, RKWard creates a folder ".rkward"
in your user account's documents folder, where it will store the output file,
among other things. So, if the files in question have a ".kde" or ".rkward"
in their path, then in fact, RKWard is probably to blame for their existance
on your system.

Feel free to ask for more info. And if you could post some of the "suspicious"
filenames, perhaps we can do something to fix this, in the future.

Regards
Thomas