Please Sign In with Norton Account to Ask a Question or comment in the Community
Product Announcement: Norton Security 22.23.4.6 for Windows is now available!
Posted: 15-Mar-2011 | 8:27AM · Edited: 05-Mar-2020 | 10:04AM · 12 Replies · Permalink
plz remove this or give us an option to turn it off as it doesn't work and how can fewer than 5 users = many indications?? ive had it target windows live now firefox its getting annoying all ws.rep1 so far have been false positives
Posted: 15-Mar-2011 | 8:27AM · Permalink
plz remove this or give us an option to turn it off as it doesn't work and how can fewer than 5 users = many indications?? ive had it target windows live now firefox its getting annoying all ws.rep1 so far have been false positives
Posted: 15-Mar-2011 | 2:17PM · Permalink
The Biggest problem imho is that when a file has good reputation, even if its bad it gets trough...i noticed that 3 days ago, when i was testing NAV, i downloaded like 3/4 files with good reputation (fewer then 5 users rated that as good) and NAV based on that let that malware goes trough? i mean come on....users can be the ones which decide if files are good ar bad, they can help but the main decide has to be the Sonar/heurestics tech, the same tech which imho ignore/automaticlly the files which are rated as good in Norton comunity until you run them, and sometimes even after you run them they are not deteced. So i decided to run the files after i did i get infected and keep on getting intrusion alert like 1 hour perma, but Norton couldnt detect/remove the malware only the behavoir - connection to internet from the file, because it has good reputation? this has to be reworked guys, must be.
Posted: 17-Mar-2011 | 12:04AM · Permalink
hi I don`t think removing WS.Reputat. has helped me prevent quite a few nasty trojan droppers on occasions!
I think this since symantec has already taken into consideration an aidea about manually removing any threat has been given!
this idea or change should even solve the WS.Reputat. problem
Posted: 17-Mar-2011 | 1:50PM · Permalink
it is need to be approved, it is too agressive - such as if file is not in widelly use and have no digital signature - 50% of that it will be deleted directly after download. it is not normal. it is oversensitive, must be patched with over suspicious characteristics (set).
[edit:Fixed posting error.]
Posted: 18-Mar-2011 | 5:00AM · Permalink
Agree.
It is giving false positives and is too aggressive.
It removes the file before the user even gets a chance to review it.
The you have to stuff around for half an hour figuring out how to get the file back.
This "feature" is fast making NIS unusable.
If it is not fixed pronto, I will just uninstall NIS and use the 64-bit native version of either MS Security Essentials or BitDefender seeing as I'm running Windows 7 x64.
Posted: 18-Mar-2011 | 5:24PM · Permalink
well its hit firefox again today and uninstalling nis would be going too far and i don't i think ms security essentials would be a very good alternative as thats for stupid people who are botnets
Posted: 21-Mar-2011 | 10:22AM · Permalink
Hi gabranth! Let me contact the Symantec employees that work on this feature for a response. In the meantime please submit any files you think are false-positives here: https://submit.symantec.com/false_positive/.
Posted: 21-Mar-2011 | 11:07PM · Permalink
Different results: my PC vs. Symantec <on> virustotal.com
Posted: 24-Mar-2011 | 12:31AM · Permalink
that thread has nothing to do with this this is about the rep.1 false positives that thread is about nortan not detecting a possible threat the causes of witch havn't been established and the fact he's offering to send people a file instead of posting the name of the file makes me suspicious
Posted: 28-Mar-2011 | 8:39AM · Permalink
Hi all! You are not the only users who want additional control over the action taken for newer files. This thread (thanks BanMidou!) http://community.norton.com/t5/Norton-Product-Ideas/Let-the-user-decide-whether-or-not-to-quarantine-a-file/idi-p/307052 is where we are currently tracking a similar Idea. If you wish you may chime in to the current Idea under consideration.
More information on detections of WS.Reputation.1 is available in this post:
Posted: 29-Mar-2011 | 6:48PM · Permalink
Download Insight convicts ~ Insight Dispute exonerates ~ Download Insight convicts
So, what's the next step to get this WS.Reputation.1 fixed ?
Posted: 03-May-2011 | 1:44PM · Permalink
A suggestion for limiting such problems: Add the ability for the user to designate certain directory trees as INTENDED for testing software so new that it is very unlikely to have a digital signature or already appear in the Symantec database. For example, those where I've downloaded software from a place I trust, but a place with such a low budget that they can't afford normal digital signatures. Also, I'm about to move back into programming, and will need the ability to compile new programs on my own computer without having them deleted as probable malware.
For all software in such directory trees, the following differences are needed:
1. The absence of the software in the Symantec database, and the absence of a digital signature, are not sufficient reason to delete the software. Warnings, to mention the possibilty of deletions for other users, are more appropriate.
2. In case the scanning causes timing problems in the software, the user needs the ability to specify that it should be scanned ONLY when the software isn't even trying to run.
3. The user needs the ability to specify that files opened by that software must not be locked for exclusive access by the antivirus program, since the software is suspected of not having adequate recovery procedures if it can't access the files the first time it tries.
There are currently 0 users online.
Login or register to participate.