You are perfectly right this has now been going on a long time - dates back to 2009. Hence this is  simple incompetence/ negligence on the part of Norton.  Perhaps  a 100 million $ class law suite might make them recognise that this is unacceptable behaviour.

Perhaps a quick solution is don't delete the file by default but give further information to the user and a choice of action.

For example a screen could pop up that says:

Norton 2010 has detected a potential threat in the downloaded file, but due to poor software engineering at Norton there is a high chance that this is a false positive.

 What action would you like to take?

1. Delete the file

2. Use the file

3. Contact Norton tech support (but don't expect a reply - but hopefully it will make you feel better)

4. Delete Norton (recommended)

:)

 Seriously Norton get your  fingers out and get this sorted , as a tech support person I'm getting sick and tired of sorting out your problems with our customers - our recommendation to them is dump Norton and use a Russian sounding name!

Norton is not reporting WS.Reputation.1 on all the zipped files I'm downloading now but it's still doing it on quite a few. I download several things a week, usually books. I'm not a tech person and if I didn't download as much as I do I probrably wouldn't have questioned Norton's saying a file was infected. A lot of people are probrably not complaining because they don't realize it's a false positive.

Files can be restored once they are removed or quarantined. I'm not sure which post tells how but one of the links in this thread shows how to restore a file. It's not the same on every version of Norton.

I have to agree that this really sucks for the less known programmers. The message that says WS.Reputation.1 will hurt their reputations. How hard would it be for the program to be changed to offer the downloader an option not to quarantine? It could say something like "At this time the file you have downloaded is unrecognized by Norton and we cann't guarantee it's safety. Would you like to remove/quarantine this program?". It could tell a person where to go for more information. I also think saying it's a medium risk is misleading and it should be changed to low.

I solved the problem opening the main window, clicking on WEB Configurations, and disabling the option "Download information".

dhuskes can you explain what you mean a little more. Does that just stop detection of WS.Reputation 1 or does it affect anything else too? I don't see 'web configuration' on my Norton 360.

I am using Norton Internet Security Version 17.7.0.12 (Brazilian Portuguese language).  The option I mentioned just disables the NIS 2010 new "Download Insight" which will not run automatically any more after downloading files. All other NIS' traditional functions remain running normally.

I have to say that the detection of WS.Reputation.1 is extremely annoying, especially to general users. It provides no advantage to customer, only unnecessary confusion and action.

I have reported 3 disputes over the past 2 weeks already. Symantec was happy to remove detection for all those files. However, it is simply impossible for Symantec to know all files in the world. It is unreasonable to ask customers or developers to report "clean" files themselves. In addition, my trust to Download Insight has been decreasing due to the false positives.

As customers, we only need a software that protects us, not annoys us.

Dhuskes Thank's for the explanation. In my version, Norton 360 I would click on Settings, then Antivirus, then Scans and Risks to turn of Insight Network. I've found turning off Sonar right before I scan works for me but now that I figured out how to restore a file and it's not being picked up on every file that's zipped like it did at first I've just been scanning normally and restoring WS.Reputation.1 files. I'm still double checking them at virustotal's website. 

Does anyone know if 'Insight Network' only picks up how well known a file is or does it detect other more important things as well? 

Having seen the many posts on this topic, I thought that I'd add a few further comments.

I run a small software development business, and have a demo installation program that can be downloaded from my web site, which has been running without major problems for the last 8 years. The installation program is a digitally-signed exe file, compiled using Inno Setup, which installs an application of dBASE PLUS. I uploaded the latest version of the program to my web site on May 15th and checked that it downloaded OK - at that time I had Norton Internet Security 2009 installed on my computer.

Last week, I upgraded to NIS 2010, accepting the standard settings, including Download Insight. A few days ago, I did a test download of my program. To my alarm, when the download had finished, a Norton message appeared, advising that a threat had been found. On clicking 'View Details', the following information was displayed:-

My filename (WS.Reputation.1).
This insight Network Threat has been removed.
Fewer than 10 users in the Norton Community have used this file.
File risk is medium.
Startup Item: No. (I've no idea what this means).
Launched: No. (Again, I've no idea what this means).
There are many indications that this file is untrustworthy and therefore not safe!
Origin: My web site. This was ticked as SAFE!

On checking my Download folder, the file wasn't there, of course. So, it appears that, in spite of the fact that my file is DIGITALLY-SIGNED and my web site is rated as SAFE, any potential customers with NIS 2010 are not going to be given

the chance to install my program. This strikes me as a very high-handed and unreasonable attitude for Norton to adopt - to give a warning is one thing, but to remove the file is going too far! I understand that the 'less than 10 users' reason is based on Norton's Community Watch feedback; if this is the case and no Norton users are able to download the file, how is this figure going to increase?

Last year, to avoid Microsoft's 'Unidentified program' message, I went to the expense of purchasing a code-signing certificate, so that I can digitally-sign my exe files, but Insight is ignoring all this and acting as sole judge and jury. It appears to me that, in its current form, Download Insight is ill-conceived and quite unjustifiably causing loss of income and reputation for entirely legitimate businesses. What amazes me is that NIS 2010 was released in September 2009 and, despite all the adverse comments, Symantec have not seen fit to admit that they're wrong and take some positive action, which, at the very least, must be to stop the automatic removal of downloaded files.    
  

Hi All,

We wanted to let the forum users know that Symantec is actively engaged in addressing the false positives seen in the field. At first glance, WS.Reputation.1’s behavior might seem an overkill, and in limited instances, it may exhibit a false positive. That’s not a good thing and I assure you, we’re constantly trying to eliminate false positives  – we have an entire division just focused on this.

That said, I’d like to give you a little background as to why our product reacts in this way, and why we think it’s actually a huge net positive. Last, I’d encourage you to read the work around and ways to report issues that we have posted in the sticky here: http://community.norton.com/t5/Norton-Internet-Security-Norton/Clarification-on-WS-Reputation-1-dete...
 
Today, our research show us that 80% to 90% of malware threats are generated/mutated on the fly by attackers to ensure that each victim is attacked by a previously unseen threat due to which traditional antivirus techniques, such as fingerprinting and even heuristics and behavior blocking are often totally ineffective.  However, these malware files stick out like a sore thumb to our reputation system. This system, the largest of its kind in the world, computes reputation ratings on well over a billion distinct files found on over 55 million participating customers’ machines (it uses complex algorithms, not unlike Google’s PageRank algorithm, to compute these ratings)  and enables us to block 80% or more of all the unknown malware that’s slipping by every other AV product on the market - literally over twenty thousand new threats every day that would otherwise go undetected!

While we do everything in our power to learn about as many files and setups as possible there are occasionally outliers like your legitimate application on which we need more information to further fine-tune our algorithms.

We apologize for the inconvenience, and would like your help in improving the service and preventing any re-occurrence. We can get this information from the dispute system at https://submit.symantec.com/dispute/. <https://submit.symantec.com/dispute/>  - please use it to report any disputes and refer to the link (http://community.norton.com/t5/Norton-Internet-Security-Norton/Clarification-on-WS-Reputation-1-dete... ) for a work around.
 
Thanks again for your patience and cooperation.

JerryM

Norton Forums Moderator

Symantec corporation