05-17-2010 01:28 PM
Sorry to see that there are still issues affecting symantec Products.
To all those who were asking what WS.Reputation.1 is, am sure this Web Link will provide the information those of you were looking for: http://www.symantec.com/security_response/writeup.
jsp?docid=2010-051308-1854-99. Hope this is helpful.
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.
The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
The way I read that, what it effectively means is that pretty well any newly released file (hence as yet very few users and hence de facto no or poor cloud reputation) will be assigned Reputatation.1 and automatically removed. That is not practical. There has to be a more sensible way to distinguish between real malware/virus and new files or apps from reputable software. or at the very least give users the option to tell NAV that they want that file. Having to recover it from quarantine is a cumbersome and time consuming.
05-17-2010 02:14 PM
We have created a sticky topic to summarize the latest information on WS.Reputation.1. You can find it at the following link - http://community.norton.com/t5/Norton-Internet-Sec
05-17-2010 06:48 PM - edited 05-17-2010 06:56 PM
THIS IS STILL HAPPENING! I'm fed up with Norton. EVERY Firefox dev build, plugin-container.exe is quarantined. Do you not realize these builds are released every several hours (usually, unless there are no changes). As a result of these constant updates, it appears that you have a major FLAW in theWS.Reputat ion.1 detection technology. There won't be the "Wisdom of millions of users for these dev builds". I have to complete multiple steps to resolve this each and every time I update my build which often is several times a day. I have the latest virus defs and this still continues.
How about I uninstall this product and you issue a FULL refund? This is past rediculous.
05-18-2010 12:23 PM
Thanks a lot for your response.
My answer. I downloaded the installation file (GoogleDesktopSetup) from http://desktop.google.com/ on April 15 th 2010. I installed it on the same day. So, it was running less than a month untill the file googledesktopie.dll got quarantined by the Quick Scan routine. I hope this is useful information to you.
05-20-2010 05:54 PM
05-21-2010 01:49 AM
Yes, I am having this problem with a new version of the spideroak client (an .exe file). Given it comes from a trusted source, I am very dubious - it had no problem with the exisitng version. Please sort this out symantec - unitl I came upon this thread my company (which pays a lot of money to both symantec and spideroak) lost the use of our backup/syn facility as the spideroak client had to be updated and the older version stopped fucntioning.
05-21-2010 04:56 AM
Just downloaded the newst GPU-Z version 4.3 and this is the first time I receive the ws.reputation.1 warning after which the file is quarantained. Searching this ridiculous warning I stumble upon this thread. Seems that i am not the only one
Let's make this thread very long so that they start to understand that there are "millions of users" that don't need this kind of protection.
05-22-2010 08:10 AM - edited 05-22-2010 08:14 AM
This is my first time posting on this forum.
Today (May 22) I am getting the same behavior (NIS immediately quarantines the file upon download because of WS.Reputation.1, with the message "This Insight Network Threat has been removed.") while downloading several updates from Adobe for Acrobat 8.
My NIS is version 22.214.171.124.
The URL I'm downloading from is
and the three files triggering the deletion action are
for updates to 8.1.5, 8.1.6, and 8.1.7, respectively.
Adobe updaters to higher and lower versions than these do NOT trigger the NIS action, but because Adobe updates are not cumulative, I can't skip these.
Is this a known false positive? Is its detection considered an item to be fixed by Symantec?
05-22-2010 10:39 AM - edited 05-22-2010 10:41 AM
How do you disable the check for WS.Reputat ion.1? I looked in the signature exclusiions, but it's not listed there. Do I have to disable "Download Intelligence" (which is poorly named consider how stupid it's behaving)?
The stupid thing has been disabling a lot of my programs recently. For example:
1. Can't update to latest nightly loads of Firefox (Minefield) since NIS 2010 deletes the updater.exe file whenever an update is attempted. I have to disable NIS's auto-protect to update Minefield.
2. Starcraft II Beta installer (torrent program that downloads installation files) deleted. Even when I restored it from Quarantine, NIS 2010 complained that running it would almost guarantee infecting my computer with something (HIGH risk).
I've submitted both to Symantec as false positives.
Norton shouldn't just automatically delete the files though. There should be a way to have Norton ask if the file is okay to run since 99% of the time it is.