Heur.AdvML.B virus detected in RBHelpInstaller.exe
When the user tries to install ReportBuilder Standard 20.01 for Delphi 10.3 Rio (rbStd26.exe), Symantec EndPoint 14.2 detects a virus on the RBHelpInstaller.exe in temp location C:\Users\\AppData\Local\Temp\miaE17A.tmp\data\OFFLINE\IF2917\63DFB8D0\RBHelpInstaller.exe
This happened on 2 different machines. Is this a false positive reading?
Comments
We have not changed the RBHelpInstaller.exe program for many years. It may be that the virus detection software has updated to a more strict policy.
From my searches, it appears the Heur.AdvML.B is not actually a virus but a feature of Symantec and Norton to heuristically detect threats to your machine. A simple Google search reveals that it commonly causes false positives. I'll keep researching to see why this file is causing a false positive, but I doubt Symantec will give details about what they are searching for. This file does have the ability to alter the system registry to install our help into the Delphi IDE (which is a necessity for ReportBuilder).
Nico Cizik
Digital Metaphors
http://www.digital-metaphors.com