• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

Auslogics BootSpeed - false positive

Hello Sirs,

We have recently noticed Norton flagging our flagship product Auslogics BootSpeed as PUA (auslogics.com/en/software/boost-speed/).

We submitted a false positive request via https://submit.symantec.com/false_positive/ but got the request rejected with no explanations and the ability to start any dispute.

We would like to kindly ask for your assistance in getting this issue resolved.

Thanks!

File Attachment: 

Replies

Kudos0

Re: Auslogics BootSpeed - false positive

Filename: boost-speed-setup.exe  6/20/2016 at 9:29:48 AM
Few Users
Hundreds of users in the Norton Community have used this file.
Very New
This file was released less than 1 week  ago.
Good
Norton has given this file a good rating.
static. auslogics. com/en/boost-speed/9/boost-speed-setup. exe
File Thumbprint - SHA:
5355f04a3cf83568359fe022a97bdeefa6d4593e12e44e7d26193e51ed8a35e1
http://s31.postimg.org/eoj46nt4r/screenshot_73.png


Threat name: PUA.Bootspeed
Few Users
Hundreds of users in the Norton Community have used this file.
Very New
This file was released less than 1 week  ago.
Low
This file risk is low.
Filename: boostspeed.exe No Action Required
File Thumbprint - SHA:
80138565a27390689f61c7465327dbcf63e01099388c387af63258330a574606
http://s31.postimg.org/s30sgfp6j/screenshot_74.png ---
http://s31.postimg.org/5ahs0m2bf/screenshot_75.png

Please review > https://submit.symantec.com/whitelist/isv/

Kudos0

Re: Auslogics BootSpeed - false positive

I am still having pua.boostspeed being flagged on my system during scans, with a low threat priority, I'm currently ignoring it each time.

It started just before release 9 was issued, flagging the then current 8 copy;  it has continued with 9 installed, it seems to list all the files for all versions of boostpeed that are on my machine.

Robert

Kudos0

Re: Auslogics BootSpeed - false positive

I checked this also with Auslogics support and they have been told that the problem is fixed by now. However I still see this problem after each scan and I have the latest available version of NIS which is 22.7.0.76.
I do expect that Symantec is working on this fix now with priority.

Kudos0

Re: Auslogics BootSpeed - false positive

Trebor-cymru:  I am still having pua.boostspeed being flagged on my system during scans, with a low threat priority, I'm currently ignoring it each time.

If you want to go against Norton. 
You may (temporary) Exclude from Auto-Protect
You may (temporary) Exclude by Signature > PUA.Boostspeed

Kudos0

Re: Auslogics BootSpeed - false positive

Hello Trebor-cymru

If you are running a Symantec Business Product, you will have to post in their Forum. This one is for consumer products.

http://www.symantec.com/connect/

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.10.1.10 I E 11
Kudos0

Re: Auslogics BootSpeed - false positive

I am a registered user of version 8 of BoostSpeed and a few days I found that it was no longer in my "C:\Program Files (x86)\Auslogics" folder.  I reinstalled it and it automatically recovered my registration information.  However today I again find that it is missing from the folder.  Is this associated with the problem being discussed in this thread?

Kudos1 Stats

Re: Auslogics BootSpeed - false positive

Hello dforrest

I would say it is related to this issue. It was probably removed during a scan since it seems to download ok for  you. If you know that it is safe, then you can list it under Settings>Antivirus>Scans and Risks>Exclusions/Low Risks>Items to Exclude From Scans>Configure. This should be done on a temporary basis since any program might become infected.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.10.1.10 I E 11
Kudos0

Re: Auslogics BootSpeed - false positive

I cannot find the details of this in Norton History but am probably looking in the wrong place.  Can anyone help?

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  I cannot find the details of this in Norton History but am probably looking in the wrong place.  Can anyone help?

Sorry, what are you looking for...

Kudos0

Re: Auslogics BootSpeed - false positive

Confirmation that Norton deleted or quarantined my BoostSpeed folder.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest: Confirmation that Norton deleted or quarantined my BoostSpeed folder.

http://s31.postimg.org/mj3kerpx7/screenshot.png 

Kudos0

Re: Auslogics BootSpeed - false positive

Thanks, this conforms that it blocked activity but not that it completely deleted the pre-existing folder.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  Thanks, this conforms that it blocked activity but not that it completely deleted the pre-existing folder.

Yeah, I launched new setup file > Auto-Protect flag PUA.
I do not have prior-install folder.
posted > Permalink
http://s31.postimg.org/s30sgfp6j/screenshot_74.png ---

Kudos0

Re: Auslogics BootSpeed - false positive

I have now found the NS log entry detailing where Norton completely deleted my pre-existing BoostSpeed folder.

Some week days ago I got the PUA.Boostspeed corning when I looked into upgrading from BoostSpeed version 8 to version 9.  This was blocked.  What I now see id that in addition to this, Norton, has twice removed my complete BoostSpeed Version 8 folder.  I have been using this and previous versions of BoostSpeed for years.  All files and folders deleted are listed in the Norton Security Report.  I have reported this to Auslogics, the owner of BoostSpeed and I hope they are also monitoring this as thy originated this thread.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  All files and folders deleted are listed in the Norton Security Report. 

Have you tried Exclude from All Detection's > [+] Configure > PUA.Boostspeed
Permalink ---Permalink

Kudos0

Re: Auslogics BootSpeed - false positive

I can but surely there is more to this issue than me just excluding it.  Is it happening to everyone who uses Norton Security and BoostSpeed?

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  I can but surely there is more to this issue than me just excluding it.  Is it happening to everyone who uses Norton Security and BoostSpeed?

Okay, my observe is Norton flags launch as PUA.Boostspeed.   If you want/need to go against Norton (short, long term). If you fully trust Auslogics BootSpeed.  Exclude PUA.Boostspeed Signature (work-around).  Regards

Kudos0

Re: Auslogics BootSpeed - false positive

Yes I can, but it will not resolve the issue for all other BoostSpeed users.

Kudos0

Re: Auslogics BootSpeed - false positive

Have uninstalled Boostspeed 9 and re-installed without any query from Norton, however a scan still shows

pua.boostspeed is a problem which I'm ignoring.  If I fix it Norton wipes alll the files listed from my machine.

Tried with the lastest live update files still a problem

Robert

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  Yes I can, but it will not resolve the issue for all other BoostSpeed users.

 Okay, I hear ya.   Just offering (u may try) work-around.
You know best.  Cheers
False Positive request > https://submit.symantec.com/false_positive/-->
Contact vendor > https://submit.symantec.com/whitelist/isv/

Kudos0

Re: Auslogics BootSpeed - false positive

Kudos0

Re: Auslogics BootSpeed - false positive

The following happens when you install a free Auslogics program for instance.

http://www.ghacks.net/2016/06/26/when-software-companies-dont-accept-no/

Kudos0

Re: Auslogics BootSpeed - false positive

Also an existing installation of BoostSpeed 8 is totally removed from my system (folder totally removed) whenever a Norton Quick Scan is run.

Several times in this thread advice has been given on how to set Norton to stop this happening.  This is also the advice Auslogics' technical support is giving.  Surely I should not need to make the decision whether this is a false positive or whether Norton are correct and it is a threat.

Can Auslogics and Norton please resolve this.

Kudos0

Re: Auslogics BootSpeed - false positive

Surely I should not need to make the decision whether this is a false positive or whether Norton are correct and it is a threat.

IMO ~ You're your best protection.  

Kudos0

Re: Auslogics BootSpeed - false positive

I we apply that cross the board, why do we pay Norton for anti-virus protecrtuion at all?

Kudos0

Re: Auslogics BootSpeed - false positive

Kudos0

Re: Auslogics BootSpeed - false positive

Hello

Can you please help dforrest with Auslogics BootSpeed ? Please read this thread to understand what is happening..

Thanks

@Sunil_GA

@Mohan_G

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.10.1.10 I E 11
Kudos0

Re: Auslogics BootSpeed - false positive

Thanks for reporting this @dforrest & @Auslogics. [Ref No: 3964212]

I'll pass this on to our False Positive team.

Mohanakrishnan G | Norton Forums Administrator | Symantec Corporation
Kudos0

Re: Auslogics BootSpeed - false positive

I'm waiting for the same fix, too.

Kudos0

Re: Auslogics BootSpeed - false positive

Square:  I'm waiting for the same fix, too.

Have you tried work-around.?   What does Auslogics advise...?

Kudos0

Re: Auslogics BootSpeed - false positive

We need to be told by Norton whether BoostSpeed is or is not a security problem, not to use a work-around.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  We need to be told by Norton whether BoostSpeed is or is not a security problem, not to use a work-around.

False Positive request > https://submit.symantec.com/false_positive/-->
Contact vendor > https://submit.symantec.com/whitelist/isv/

Kudos0

Re: Auslogics BootSpeed - false positive

We are going round in circles.  If I complete a "false positive" report I am accepting that it is a false positive.  I am asking that Norton advise whether or not it is a genuine threat to my system.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  I am asking that Norton advise whether or not it is a genuine threat to my system.

Um, that's the purpose of user submitted false positive form submission.   User requests Symantec review item.  By completing the submission.  Norton will notify user by email the result of Norton review analysis. 
One or two business days.  The forms are monitored 24 hours a day so that Norton can immediately begin to research and correct any issue.
Submit to Symantec for review analysis > see > How to report false positives.

Kudos0

Re: Auslogics BootSpeed - false positive

Quoting from the form "Use this "wizard" to tell us about a situation where you believe that a Symantec or Norton product is incorrectly reporting a clean / good file".  I have no "belief" one way or another so find it difficult to continue with the submission.

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:  Quoting from the form "Use this "wizard" to tell us about a situation where you believe that a Symantec or Norton product is incorrectly reporting a clean / good file".  I have no "belief" one way or another so find it difficult to continue with the submission.

I am asking that Norton advise whether or not it is a genuine threat to my system.

Norton reports >  Threat name: PUA.Bootspeed on the file I launched here Permalink.  

potentially unwanted application #

Programs that computers users wish to be made aware of. These programs include applications that have an impact on security, privacy, resource consumption, or are associated with other security risks. These programs can show a pattern of installation without user permission or notice on a system or be deemed to be separate and different from the application installed.

And VirusTotal report >
File name: boost-speed
Detection ratio: 3 / 56
Analysis date: 2016-06-29

Norton is noting that Auslogics may install a program that you may not want.  Hence, PUA > potentially unwanted application.   As reported here > When Software Companies don’t accept No.  Auslogics is not required by Windows.  Auslogics offers toys.  Do you want Auslogics.  Do you trust Auslogics.  Have you read and agree to Auslogics Terms/Privacy/EULA. 

Okay,  I tried.  Regards

Kudos0

Re: Auslogics BootSpeed - false positive

Hi, thank you all for helping us with this problem. We have solved this issue. Please download the latest version from our site. It doesn't have this false positive. 

Thanks

Kudos0

Re: Auslogics BootSpeed - false positive

Few Users
Fewer than 50 users in the Norton Community have used this file.
Very New
This file was released less than 1 week  ago.
Trusted
Norton has given this file a trusted rating.
Downloaded File boost-speed-setup.exe from auslogics.com
File Thumbprint - SHA:
7e50c2c93bf52832ae523e1f1080c70560d219f1e3a12cf7f749b6957dda69b2


File name:880306
Detection ratio: 1 / 56
Analysis date: 2016-06-29

Kudos0

Re: Auslogics BootSpeed - false positive

@bjm_: I've just read yr PM. Well, I had mentioned that PUP@ https://community.norton.com/en/comment/7010601#comment-7010601

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Auslogics BootSpeed - false positive

20750065: @bjm_: I've just read

File changed and or criteria changed.   Users will think PUA.Bootspeed here Permalink was a F/P. 

Kudos0

Re: Auslogics BootSpeed - false positive

We would like to make it clear that Norton is protecting our customers from unwanted applications. And we do not believe there was a false positive in this case... However, subsequent versions of the programs did change the behaviors in the program that we had issues with, so we have removed detection for them. Detect does stay in place for the older versions of this program. 

PUP Hunter PRO: Just TRYING to save the world (U) from cyber threats, A single blog post, at a time, and ONCE & FOR ALL. (A fan of Nadia_Kovacs)
Kudos0

Re: Auslogics BootSpeed - false positive

Auslogics:

Hi, thank you all for helping us with this problem. We have solved this issue. Please download the latest version from our site. It doesn't have this false positive. 

Thanks

The problem is not resolved.  My BoostSpeed folder and its contents continue to be deleted when I do a Norton quick scan.  This is with your latest Version 9 installed.

Kudos0

Re: Auslogics BootSpeed - false positive

Having waited for the dust to settle, and seeing a claim that the problem is fixed.  This evening I downloaded a new copy of boostspeed 9, installed it, and it said I was replacing the version 9 already installed.  Ran Norton Security 2016 live update which got 2 small updates, but didn't request a restart.  Restarted my win 10 64bit laptop, and after a few minutes ran a quick scan.  Same result, pua.boostspeed flagged. 

Note there was no problem flagged with downloading boostspeed, and the installer executable is not being removed, when the boostspeed folder is purged, if I allow the suggested fix to proceed.

So sorry not fixed as of 8pm UK time Thursday night.

Robert

Kudos0

Re: Auslogics BootSpeed - false positive

bjm_:
dforrest:  We need to be told by Norton whether BoostSpeed is or is not a security problem, not to use a work-around.

False Positive request > https://submit.symantec.com/false_positive/-->
Contact vendor > https://submit.symantec.com/whitelist/isv/

I have received a response from Norton on my "False Positive request".  Is at acceptable for me to post part of this here?

Kudos0

Re: Auslogics BootSpeed - false positive

dforrest:
bjm_:
dforrest:  We need to be told by Norton whether BoostSpeed is or is not a security problem, not to use a work-around.

False Positive request > https://submit.symantec.com/false_positive/-->
Contact vendor > https://submit.symantec.com/whitelist/isv/

I have received a response from Norton on my "False Positive request".  Is at acceptable for me to post part of this here?

Okay by me. 
regarding > Permalink FWIW ~ On my machine if I wanted Auslogics as must have.  I'd try Exclude.  I may always remove Exclude.  Just me. 

Kudos0

Re: Auslogics BootSpeed - false positive

This is the response received from "Symantec Security Response", to my false positive report:

In relation to submission [3969053].

Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:

	Filename: boost-speed-setup.exe
	MD5: 6E09B99538DA7048A806B5C31F6DADD1
	SHA256: 7E50C2C93BF52832AE523E1F1080C70560D219F1E3A12CF7F749B6957DDA69B2
	Result: 

(there was no further addition to the report itself after "Result:", other than information on reconfiguring)

Kudos0

Re: Auslogics BootSpeed - false positive

In relation to submission [3969053].
Upon further analysis and investigation we have determined that the following file(s) meet the necessary criteria to be detected by our products and, as such, the detection(s) cannot be revoked:
Filename: boost-speed-setup.exe
SHA256: 7E50C2C93BF52832AE523E1F1080C70560D219F1E3A12CF7F749B6957DDA69B2

SHA256: 7e50c2c93bf52832ae523e1f1080c70560d219f1e3a12cf7f749b6957dda69b2
File name: boost-speed-setup.exe
Detection ratio: 1 / 53
Analysis date: 2016-07-02


Mohan_G:  Re: Auslogics BootSpeed - false positive
Posted: 29-Jun-2016 | 7:00AM • Permalink
Thanks for reporting this @dforrest & @Auslogics. [Ref No: 3964212]
I'll pass this on to our False Positive team.


Lets see if Mohan_G can figure out whats what......

Kudos0

Re: Auslogics BootSpeed - false positive

Any news on this?

Kudos0

Re: Auslogics BootSpeed - false positive

Hello

It's been a long Holiday weekend here.

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NS with BackUp 22.10.1.10 I E 11