Bug with File Insight: not detecting digital signature
06-24-2011 12:06 PM
NIS File Insight mistakenly flags my MSI installer as a threat by saying it has no digital signature.
After NIS File Insight started flagging my MSI as a threat, I started applying the File Insight function to a series of MSIs from various publishers. It seems only heavyweight software companies (e.g. Microsoft, Sun, Norton) knew the secret way to get File Insight to recognize even the existence of a digital signature.
This is obviously a bug, and, from surfing through this message board, not a new one. Exactly two years ago, the same issue was reported with screenshots:
Can someone please look into this bug?
Re: Bug with File Insight: not detecting digital signature
07-01-2011 02:18 PM
It's been more than a week of emails and petitions to various departments at Symantec and still no one will address my questions. The closest I got was an email suggesting that I digitally sign my file to avoid False Positives! In other words, I'm arguing with a computer or someone who doesn't read my emails.
This Norton File Insight is really making things difficult for me. I'm trying to sell my software online. I duly sign my application with a certificate issued by a trusted authority after a proper background check of my business. I'm pulling my hair out. Has anyone had similar problems with Norton File Insight or the support team at Symantec?
Re: Bug with File Insight: not detecting digital signature
07-03-2011 08:17 AM
Well, I was able to get tech support on the phone. I was told that the problem is with the website - that I have to submit the website to Norton Web Safe for inspection. I said that makes no sense - how does verifying a file's digital signature relate to the website it came from? The tech support person said that verification is tied to the website.
Even if this is true, it still makes no sense. If I had some malware, I could just get my website inspected and then post some malware for download. The better avenue is to have Norton File Insight recognize that the file is digitally signed. It is very, very rare that malware is digitally signed with a certificate issued by a trusted authority. IE9's SmartScreen filter recognizes this (and recognizes that my MSI is digitally signed). So, what's going on?
So, I'm just waiting for my website to be verified as safe and then I'll do this ridiculous test on whether Norton File Insight will verify that the file is safe only because it came from a safe website.
Re: Bug with File Insight: not detecting digital signature
07-04-2011 12:40 PM
I will say one thing in Symantec's defense: they do provide some good customer support. Now that I have the correct phone number, I can get to a human pretty quickly who does try and help me out. I'm waiting on a call-back from a higher-up on this issue.
Re: Bug with File Insight: not detecting digital signature
07-13-2011 03:37 PM
Hi Chris,
I can confirm that digital signature verification for MSI files has been added in Norton 2012. Until it releases, there are some other steps I'd like to take to ensure that any FP problems with your software are resolved. Can you send me a PM with details about your site and how I can download your files?
Thanks,
Jeff
Re: Bug with File Insight: not detecting digital signature
07-15-2011 12:36 PM
So in the meantime your product impugns the reputation of my company? This is not acceptable. Verifying digital certificates is arguably the single most important step in checking for malware. Malware simply is not digitally signed with certificates issued by trusted authorities. To not check for digital certificates is a basic flaw of Norton File Insight. And come on, this is easy to fix with a patch and it's been at least two years. This is unacceptable.
