Loader

Startclient.exe False Detection

Description

In June of 2025, Tellabs began receiving reports of detections of startclient.exe as malicious malware.  This is a false detection, but is due to the startclient.exe file not having manufacturer information included in the executable.  This causes the scanners to mark the file as malicious and, depending on the vendor and configuration, may result in quarantine of the file in addition to possible quarantining of the entire Panorama software.  This issue is known to have occurred with the Crowdstrike, McAfee, Trellix, Fortinet and Bit Defender platforms.

Applies To

This issue applies to SR31.3 and SR31.4 releases of the Panorama EMS software.

Validations 

You can determine if your software has the startclient issue using the following validation. You can also use a hash of the file to ensure that the file has not been modified since its release from Tellabs and that it therefore has not been altered or co-opted by malicious software.

  • Validation of Issue: Browse to the file which is located in: C:\Tellabs\PanoramaPON-<version>\bbmgr\client\startclient.exe. Then right-click on the file and click the details tab.  For clients, the path included will include the version number in the directory name to distinguish the versions you have installed.  For server installations, the version is not included in the path (as only one version can be included in server installs.
  • If your executable properties say Panorama PON Client for the product name, then your system does not have the issue and should not be detected as malicious.  If the product name is blank, then the file will be detected as malicious when scanned.  
    The following startclient.exe does not have the proper Product Name information and is likely to be flagged by virus-checking software.
     

  • The updated file that corrects this will look like the following entry below.

  • Validation that the flagged file has not been modified: 

You can use one of the tools installed with the EMS to validate that the file has not been modified since it's release from Tellabs by validating the hash of the file.  This allows you to safely put this file onto the ignore list for your virus checker to prevent it from being quarantined:

C:\Tellabs\PanoramaPON\bbmgr\client>certutil -hashfile "startclient.exe" SHA1

SHA1 hash of file startclient.exe:

69eccdd4c82d231ef8537a51247ab523b5a1b481

CertUtil: -hashfile command completed successfully.

  • You can also verify that the patched startclient.exe is the correct one by testing to ensure that the hash of the file is correct.

C:\Tellabs\PanoramaPON\bbmgr\client>certutil -hashfile "startclient.exe" SHA1
SHA1 hash of startclient.exe:e8e99059ca14b7b2e5223aaa1e697e9441dc11c9
CertUtil: -hashfile command completed successfully.

Short Term Mitigations

Tellabs is currently in the process of building an updated application to resolve this issue.  In the interim, it is recommended that the startclient.exe be added to the ignore list on scanning software such as virus checkers, Crowdstrike, Bit Defender, etc. until the formal release of the fix. In addition, an updated version of startclient.exe is available which is compatible with Panorama PON releases 31.4.0.G to 31.4.0.AS to allow manual patching of the affected software.

If the Panorama software has been quarantined, it is likely the application will not be functional since it will not be able to access the required data files. In that scenario, it is recommended the application be removed from quarantine first and verify the application is working again with the updated startclient.exe.  If that does not work, full installation of the updated application, possibly on a reimaged VM or server may be required to get Panorama software working with OLT again.  Contact support for your security software vendor to see if there are capabilities to release the software from quarantine and return it to service.

Resolution

The final resolution to this issue will be available in the SR31.4 AT release or above.  This will soon be posted to the portal.

Once the updated Panorama application build has been released by Tellabs users should attempt to remove the Panorama Application from quarantine. If the existing installation has been successfully removed from quarantine, a normal upgrade of the software will upgrade Panorama to the new release. However, if the existing installation cannot be properly unquarantined, an EMS upgrade will not work, so it may require a new installation on a new server or VM instance. The OLTs will have to be added to the new EMS with the option to read data from OLTs.

After the EMS is successfully working with the updated version and OLTs are under management. If the software was put onto the ignore list, it should now be removed to ensure that any valid issues are detected.

It is critical to ensure that you have good backups of the EMS that are regularly being placed onto storage that is external to the EMS machine. A good backup is necessary to return the EMS to service after any fresh install and should be done as a part of best practices. If the application is quarantined, it is likely that it will prevent backup of the EMS.  Scheduled backup information can be found here:

https://docs.tellabs.com/articles/#!panorama-pon-documents-publication/scheduled-backup/q/scheduled%2520backup/qid/19763/qp/1.  Contact TAC support if you are unable to make a backup due to quarantine of the EMS application.

FEEDBACK: Are you happy with this material?
  •   © 2025 Tellabs Access, LLC. All rights reserved - A Better Way to Build and Operate Networks.

On this page

light-box Image