Norton or Symantec False Positives

Started by certforumz, September 11, 2015, 05:54:11 AM


certforumz

A number of applications without any virus or malware get blocked by Norton/Symantec for lack of popularity. Norton anti-virus automatically deletes any software that doesn't have much of a user base, stating that the reputation is not good. Actually, it is a wrong conclusion because user base is linked to reputation of the software. Many small publishers are very unhappy with this kind of classification, and in the absence of a regulating body, publishers are going to suffer for more time to come.

Here is the link to report any such false positives, and hope that they do something!!

https://submit.symantec.com/false_positive/

Guys, don't hesitate to report any false positives.


certforumz

We had a problem with one of our software files getting marked with WS.Reputation.1. Given below is the reply to our application against the false positive:
-------------------------------->>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

In relation to submission [1234567].

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

        some-string- <my-filename>


The updated detection(s) will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Please note that whitelisting can take up to 24 hours to take effect.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program?
To participate in this program, please complete the following form: https://submit.symantec.com/whitelist

<<<<<<<<<<<<------------------------------------------------------------------

We had several refund requests in the past due to Norton/Symantec anti-virus reporting the file as virus-infected, whereas it is not actually so. There are several threads regarding this matter:

http://www.mindworkshop.info/windows/the-norton-symantec-ws-reputation-1-false-positive/

http://community.norton.com/forums/plz-fix-wsreputation1


http://www.infoworld.com/article/2625591/security/epic-fail--auto-deleting-files-based-on-their--reputation-.html


How to stop Norton deleting a file as False Positive:

https://www.youtube.com/watch?v=xMOrAFMbuWk

What could be done to shut down the Norton problem:

A couple of options are immediately available to any of our common customers who see the problem. The file is not deleted, but rather stored in quarantine. So the user can restore it from quarantine. Insight will not attempt to remove it after that.

To avoid the issue on a download, the technology itself can be turned off. In the UI the technology is called Download Intelligence... knowing that that is the name of the technology, a user can from the main UI easily turn off Insight for the time needed to download a file.

certforumz

Several people have problems with using Norton/Symantec/Veritas anti-virus software. Most of the time, this software gives what is known as False Positives. Here is the way to bypass it:

http://www.ghacks.net/2012/06/25/how-to-bypass-symantecs-ws-reputation-1-system/

certforumz

Mike Gledhill says about the Norton Anti-Virus download file inspection feature:

You CAN turn off this feature.

In the horrible Corporate version of the software, it's under Status \ "Virus and Spyware Protection" \ Options, then "Change Settings" and turn off all the rubbish in the Download Insight settings.

In our company, we found that it was blocking our employees from installing in-house Excel Addin installations (.exe files) even though they were code-signed and on our intranet, and we had "Automatically trust any file downloaded from an intranet website" ticked.

The worst part is that it just blocks the files - no warning or error is displayed, and the user is left wondering if they really did click on the download link.

That's just nasty software design.

http://www.ghacks.net/2012/06/25/how-to-bypass-symantecs-ws-reputation-1-system/

certforumz

Some more on Norton anti-virus Download Insight ...

https://forums.xamarin.com/discussion/27555/norton-reporting-virus-on-downloading-xamarin-android-player-in-windows-8-1

Xamarin is a widely known software vendor and tied up with Microsoft for Xamarin software services.