Please be aware that the definitions currently available for Symantec Endpoint Protection contain a False Positive (FP). Treat as a "known issue" any detections of Trojan.Webkit!html for the file with the following unique hash:
- MD5 75bd3d5707ab06ac4b53eefc41ab729f
- SHA256 5bcd9a716ba1564bf21bf3fa6f55133f076f53b2b17c0177fa5a78dc2bc5c2aa
This legitimate file is often named sh165[1].htm, sh165.html or similar. Some iFrames are malicious and are rightly detected by SEP, but this particular one is in fact harmless and is not a cause for security concern.
Symantec is currently preparing Rapid Release definitions which will remove this detection. It is also possible to configure a SEP organization to use older definitions to avoid the detection (any set before July 23 2014 revision 22 will do), but rolling out new Rapid Release definitions is the recommended approach.
How to Backdate Virus Definitions in Symantec Endpoint Protection Manager
Article URL http://www.symantec.com/docs/TECH102935
The next release of Certified definitions, available via LiveUpdate, will also include the fix.
There is no need to open a Technical Support case about these detections. Just subscribe to this thread- it will be updated as soon as Rapid Release definitions and then Certified defintiions are available which remove this detection.
With thanks and best regards,
Mick