Unable to download Audigy Support Pack 4 (WS.reputation.1)

twixt · ‎09-26-2011

I have been trying to download the latest Audigy Support Pack Version 4.0 for the past several weeks. The file is autodeleted after download by Download Insight.

I have submitted a report regarding this problem using the Symantec Insight Dispute Submission form - and have received a return email from the false-positives team indicating they have examined my report and determined the file is safe and that File Insight should permit the download.

I received the go-ahead email on Feb 27, 2012. As advised, I brought my NIS completely up to date and attempted to redownload the file. Rejected again.

I thought that propagation delay in Live Update might be responsible for the item not yet getting whitelisted on my machine. As a result, I waited and tried again a few days later. Still no go. I tried again just before posting this message. It has been over a week, and I am still unable to download the file without it being autodeleted.

Has this been attended to?

Thanks for any information on the subject.

Note: Following is the clipboard data from the File Insight entry for the removed item.

----------------------------------------------begin clipboard data----------------------------------------------

d:\internet\download\sound cards\creative\audigy2\daniel_k support packs\4.0\audigy_supportpack_4_0.exe
____________________________
____________________________
On computer as of
2/8/2012 at 12:11:46 PM
Last Used:
3/7/2012 at 2:16:43 AM
Startup Item: No
Launched: No
____________________________
____________________________
Very Few Users
Fewer than 10 users in the Norton Community have used this file.
____________________________
Medium
This file risk is medium.
____________________________
Threat Details
There are many indications that this file is untrustworthy and therefore not safe
____________________________
Origin

Downloaded from http://s749.hotfile.com/get/e8b3ff5718d1e923ee70c4f7aa964f5b7eebeae6/4f57347b/320/dc64fa314c26d547/8...
____________________________
http://s749.hotfile.com/get/e8b3ff5718d1e923ee70c4f7aa964f5b7eebeae6/4f57347b/320/dc64fa314c26d547/8...
SAFE

Downloaded File:
audigy_supportpack_4_0.exe
____________________________
File Actions
File: d:\internet\download\sound cards\creative\audigy2\daniel_k support packs\4.0\audigy_supportpack_4_0.exe
Removed
____________________________
File Thumbprint:
bdaa9128f192f5cae966c4e8cd0efb4fd236f1242094666f5ef3e59bd2995c46
____________________________

-----------------------------------------------end clipboard data-----------------------------------------------

floplot · ‎04-11-2009

Hello Twixt

I just recently got an update for the whitelist, perhaps it was corrected in today's update. Please let us know. Thanks.

Success always occurs in private and failure in full view.

twixt · ‎09-26-2011

floplot wrote:
Hello Twixt

I just recently got an update for the whitelist, perhaps it was corrected in today's update. Please let us know. Thanks.

Hi, floplot. From what I can see of the report, it shows that the first time I attempted that download was Feb 8, 2012. It was certainly rejected then.

I have a vague memory of a thread where someone mentioned that once an item was "triggered" like this, that it "stuck" until something was done to break the "memory" of the problem. I searched on "file insight" and didn't find any references.

Does anyone remember the gist of that thread? Do I have to manually whitelist that file in my NIS Configuration?

Note: I just Live Updated, cleared my Quarantine and tried the download again. Still no joy.

My Quarantine log is filling up with orange dots. I don't like to see orange dots in my quarantine logs.

Hmmmm. Now where did I put that Illudium Q-36 Explosive Space Modulator?

olegausa · ‎11-01-2009

It's common thing for that STUPID AND ANNOYING WS.REPUTATION.1 do such thing. Users are complaining in this forum asking for an option to disable it but unfortunately nothing happens.

Now for a solution to this problem. Open Quarantine than select an entry for a file in question than click Restore & Options linkand in new window that pops up click Restore & exclude this file and than click Yes to confirm your request and wait for file to be restored and than close all opened windows. Be aware that unfortunately this capability isn't implemented properly so instead of excluding specific file(s) from future scans it will exclude the risk signature instead, Hopefuly developers finally will fix this problems soon

twixt · ‎09-26-2011

olegausa wrote:
It's common thing for that STUPID AND ANNOYING WS.REPUTATION.1 do such thing. Users are complaining in this forum asking for an option to disable it but unfortunately nothing happens.
Now for a solution to this problem. Open Quarantine than select an entry for a file in question than click Restore & Options link and in new window that pops up click Restore & exclude this file and than click Yes to confirm your request and wait for file to be restored and than close all opened windows. Be aware that unfortunately this capability isn't implemented properly so instead of excluding specific file(s) from future scans it will exclude the risk signature instead, Hopefully developers finally will fix this problems soon

Hi, olegausa. Thanks for the workaround, which at least got me the file. The annoying thing, from my POV, is that I went through the procedure to get this file whitelisted - got an email from Symantec acknowledging the false-positive and stating they had whitelisted the file - it's now been 10 days since the whitelist notification - and the item is still not whitelisted.

That's why I asked in my originating message for confirmation from a Symantec employee as to whether this item had been attended to - or not. Today, as a test, I updated to NIS 2012 on a machine which had never seen that file - brought the NIS installation completely-up-to-date with LiveUpdate (so no history of ever being quarantined) - tried to download the file - and yup, removed.

BTW, I have not marked your advice as a solution - because it's not a solution - and I want this to remain an open item until Symantec GET THIS FIXED. I would mark it in an instant otherwise. Kudos to you for the workaround, however.

Note to floplot: Yes, there was a Whitelist Update in the LiveUpdate. I am running the latest-'n-greatest. Still broken.

Really, really, really want to see this sorted out - and not have to do workarounds.