symcd

[Jay Jay]

Starting roughly on 12/2/16 whenever I run CCLEANER 5.20.xxx I get flagged by my AV software and it says

'process: c:\windows\explorer.exe' outbound connection to 'sv.symcd.com' malicious and blocked.

 

symcd domain seems to be associated with akamai/symantec/CSC.   I do not have any Symantec software installed.

 

Any thoughts as to what is going on?

 

 

Thank you,

 

Jay

[DennisD]

Hi Jay, and welcome to the forum.

 

After a little research I find that this doesn't appear to be a CCleaner issue, per se, but do do with (I think) "Symantec Certificate Verification".

 

A Google search pops up a great many similar hits for 'sv.symcd.com', with many different sub domains, and involving many different software applications.

 

And if I sound like I know what I'm talking about, I don't really, so I'll point the CCleaner devs to your post and I'm sure they'll be able to throw more light on whether this is a Symantec Certificate Validation issue.

 

I don't think it's to do with malware, but it wouldn't hurt to make sure your virus scans are up to date and clean.

 

In the meantime if any of the other guys have an answer I'm sure they'll contribute to the topic.

 

Hope that helps.

[hazelnut]

If you right-click on the CCleaner installer or the CCleaner.exe in Program files and select properties, you can select the Digital Signatures tab and click on Piriform in the screen and select Details.

 

You can then chose to view the certificate and also click Symantec and then view the details of the countersigner  (Symantec)

 

Which AV is flagging it?

[Jay Jay]

The AV software that is reporting this is MalwareBytes.  I too am fuzzy about how WIndows 10 and programs interact with Digital Signatures.  I run other programs and do not get this issue.  It seems to be only with CCLEANER.   And I have tried mutliple versions including the latest one.   If someone could clarify

that:  CCLEANER is presenting the OS Windows 10 with a cert and Windows 10 is then going to the cert website that would help.  Should I point the finger

at Malwarebytes, WIndows 10 or CCLEANER?   BTW, I use the internal Firewall and do outbound blocking which may be a factor.  Although MalwareBytes is the one reporting this issue. 

[Jay Jay]

Oops.  Ok.  I went to the Digital Signatures tab.Cert issued by 'Symantec CLass 3 SHA256 Code Signing CA'   Signing time 'Tuesday, November 15, 2016'.

I can go ahead and install the Cert.  My guess is if I do that the Malwarebytes issue will go away.  I am concerned as to why this would have to be a manual process.

[Tom CCleaner]

Hi Jay,

 

This is MalwareBytes flagging the Windows process. Although this occurs when you're opening CCleaner, it's not actually CCleaner that it's reporting, but a false alert based on the information in the Windows system process. You may find that MalwareBytes are able to assist you with this detection specifically