Recently I've witnessed a benefitial WS.Reputation detection.

Read this blog post on Sunbelt Blog. 

I wanted to see what my NIS will say about that malware file. And guess what the detection was... 

Yes, WS.Reputation.1 

[edit: fixed link at beginning of post.]

I just wanted to say thank you to the forum moderators here like Jerry M and Tony Weiss for posting informative information about what's being done to reduce the # of WS.Reputation.1 false positives. Tony updated the first post in this thread and I think many people experiencing problems with this will appreciate that since they won't have to read through the entire thread to find answers. I personally have seen a reduction in the number of false positives. In the last 2 days I downloaded 6 different .rar files that would have all been quarantined when I first noticed that uninfected files were being quarantined and they all passed through the scan without being removed.

I'd also like to give Norton some credit. I frequently download files from Mediafire which is rated as a safe site on your safeweb page. In the last month Norton has blocked 3 attacks against my computer and they all appeared to be real threats. I suspect that the attacks blocked were coming from Mediafires advertisers and not Mediafire itself since 2 of them occurred before I clicked the download button and one was blocked at the same time I hit the download button. Regardless of where it came from thank's to your protection I didn't have to face a much bigger problem than a false positive from WS.Reputation.1 and I am very glad for that.

---

TomiRed wrote:

Recently I've witnessed a benefitial WS.Reputation detection.

 

Read this blog post on Sunbelt Blog. 

 

I wanted to see what my NIS will say about that malware file. And guess what the detection was... 

 

 

 

Yes, WS.Reputation.1 

 

 

[edit: fixed link at beginning of post.]

 

---

Hi guys,

Please refer to this thread (and watch the video) for more BENEFICIAL occurences of WS.Reputation.1:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Video-about-Norton-Internet-Security-...

I've checked through the various posts on this topic and NIS's Help system, but have been unable to find clear definitions of the following terminology used in the File Insight Details window:-

SIGNATURE. Is this referring to a file's digital (ie code-signing) signature?

RELEASED. Eg as in 'This file was released less than 1 week ago'.

STARTUP ITEM.  ???

---

Rod wrote:

I've checked through the various posts on this topic and NIS's Help system, but have been unable to find clear definitions of the following terminology used in the File Insight Details window:-

 

SIGNATURE. Is this referring to a file's digital (ie code-signing) signature?

Yes. Digital Signature.

RELEASED. Eg as in 'This file was released less than 1 week ago'.

Yes

STARTUP ITEM.  ???

Does it start up with Windows? Yes/No. (i.e. does it have a registry entry to start it up when windows starts)

---

Matt

---

Rod wrote:

Matt,

 

Thanks for your reply, but I'd appreciate some further clarification.

 

I have a digitally-signed exe file, but File Insight says 'No' for Signature.

 

I was perhaps unclear in my question about RELEASE. What I was trying to ask is how is a file's release date defined. I created and uploaded the exe file to my web site last November, but  File Insight says that it was released less than 1 week ago!

 

Rod

 

 

 

---

Hi Rod,

I am going to guess here :-)

As for the signatures, it may be only certain recognised signatures. I have just checked:

A norton file is signed as "Symantec Corporation"

a Microsoft file: "Microsoft Corporation"

Malwarebytes Anti-Malware setup.exe: "MalwareByte's Corporation"

So maybe only Norton-trusted signatures are displayed. I don't know...

as For the release date, I believe it is the date from which Symantec first encountered it. Although, if you had Norton installed on your pc when you created for exe, that should have been the first time.

Have you modified it at all since? :-)

Maybe a moderator can asnwer you better.. :-)

Matt

Hello again Matt,

Thanks for your quick reply, which, I think, indicates that these points are far from clear. If NIS is going to automatically remove my downloads, they should at least clearly define their terminology. I wonder if someone from Symantec can clarfy these 2 remaining issues in my File Insight details:-

SIGNATURE. Why does this say 'No' when my file is correctly digitally-signed (the CA is Comodo) and time-stamped?  

RELEASE. My file was created and uploaded to my web site last November, yet File Insight says that it was 'released' less than 1 week ago. So, how is the release date determined? Surely there must be some simple answer to this.

Rod

I am glad that I just found this. I started a thread about NitroPDF and the Insight issue, but there has been no response. I did get the ws.reputation.1 message...here is what I posted...

I had an issue with NitroPDF Pro a few Months ago. Support just sent me a link to get the fixed program, which will be released soon. The issue is that Insight (NIS2010) removed (Quarantined) it from my PC and I had to get it back. What it said was that less than 10 people had this and so it was not verified. I know it is safe, but will this always happen if I am the first to get files?