Suspicious insight

mitzu · ‎07-20-2008

Nis 2010 don't detect these files, but when I upload to virustotal the result is: "suspicious insight." I know Nis 2010 is newer so.....

http://www.virustotal.com/ro/analisis/8f89a2035f028f5ef7c83292455efe25b66a95c1d90d00dc99132be008c811...

http://www.virustotal.com/ro/analisis/aff4d621afa548b825ce2ff5ad9ed48ee471e604fb850c8d1429356ac9a301...

3play · ‎01-21-2010

I have no idea precisely what is going on but I suspect that Virus Total can now check the Cloud - the Quorum results . If a known malware for Norton , a definition will be displayed , just like Download Insight in Norton 2010 acts. If the Insight says unknown file BUT with Unproven , Poor or otherwise bad reputation , Symantec on Virus total reports Suspicious.Insight

This means that Virus Total is not using Symantec Corp. AV or SEP but simply Insight Network. If not , there has been a change in SEP 11 I am not aware of (example : including Insight Network in SEP)

mitzu · ‎07-20-2008

I tested over 20 suspicious files on virustotal and the result was: suspicious insight. I hope Nis 2010 to have the same detections soon.

Shridhar · ‎08-14-2008

Hi mitzu :

I also cofirm this.There are some files I tested which were having Suspicious.insight detection on VirusTotal but not on NIS.

I had this question asked quite some time ago .........(no answer received from symantec though ) and I , myself figured out that the product on VT may be connected to Symantec's that server which gets the updates even before we could.

Later, when definitions become available on all their servers , we get the detection.

That might help.

3play · ‎01-21-2010

Shridhar wrote:
Hi mitzu :

I also cofirm this.There are some files I tested which were having Suspicious.insight detection on VirusTotal but not on NIS.

That is not true . Norton provides better protection that Symantec corporate products for antivirus protection because Norton incorporates SONAR and Insight additionally + Safe Web , exploit protection , pulse updates , etc

Suspicious.Insight most likely is this that you see in Norton 2010

or this

Voyager10 · ‎05-03-2008

I can also confirm , on VT all fresh Malware where detected as Suspicious insight , with NIS2010 today Unproven...

i think that has to do with canceled Reser Reputation Detection two days ago , Norton v17.5 detected many False Positives as Reser Reputation 1. and Symantec canceled this Detection .

Norton normally would recognize these Malware now as Reser Reputation 1.

@3play

This Window is not a Detection.

mitzu · ‎07-20-2008

Yes, on VT fresh Malware are detected as Suspicious. Insight. But not all. Some malware where detected as Suspicious.Cloud. At the moment " Reser Reputation" is canceled again. Probably other False Positive?