Created On:  17 December 2010

Problem:

Micro Focus has identified an issue in DevPartner 10.01.00 in combination with Symantec Endpoint virus scanner. Symantec Endpoint virus scanner version 11.0.5200.333 with definition files 121214x and 121215c incorrrectly flagged the DevPartner library file tcore32.dll as containing the Pythia virus. This is a false positive warning triggered by Symantec, and there is no virus within tcore32.dll. The suspect version of tcore32.dll is branded as file version 1.0.0.1, but accompanies Injector components for build 2.40.27.0.

If you permit Symantec to quarantine tcore32.dll, then DevPartner may try to repair itself on next use, triggering another warning and quarantine. The immediate workaround is to instruct Symantec virus scanner to Restore the tcore32.dll file if you have already selected to Move to Quarantine. Other Symantec products that use these definitions may also exhibit the false positive warning. Other virus scanners including Kaspersky and Microsoft Security Essentials do not show this warning.

Resolution:

Although there is not a virus and the warning may be disregarded in terms of product functionality, Micro Focus has taken steps to remove the false positive warning and the chance of the quarantine/repair race condition in a newer build of tcore32.dll.

The DevPartner 10.01.00 tcore32 patch which contains the fix is available on SupportLine Product Updates here. It contains a new tcore32.dll version 1.0.2.2, corresponding to Injector 2.40.28. It may be applied to either DevPartner Studio Professional Edition or Visual C BoundsChecker Suite, English or Japanese. Note the patch should only be applied only if you experience the problem. Follow the SupportLine posting documentation accordingly.