• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos1 Stats

Bad Signatures in your Insight Database

http://img14.imageshack.us/i/60938815.jpg/

This Image show a Adware Downloader where symantec says: Signature and trustworthy (good) 

Here you can see that this C4DLMedia Signature is not Trustworthy

 http://www.virustotal.com/de/analisis/91e0414bd75cd4721920984610441afc51c678e8e41ecce7ff250aab8a0a9fe9-1252615069

7/41 Detections.  Trojan.Win32.C4DLMedia.b  / Adware/Gala

This Adware Downloader install  -Suspicious.Lop-

http://img2.imageshack.us/i/46215212.jpg/

Delete the bad signatures that lead into a false trustworthy. 

Replies

Kudos0

Re: Bad Signatures in your Insight Database

http://img14.imageshack.us/i/60938815.jpg/

This Image show a Adware Downloader where symantec says: Signature and trustworthy (good) 

Here you can see that this C4DLMedia Signature is not Trustworthy

 http://www.virustotal.com/de/analisis/91e0414bd75cd4721920984610441afc51c678e8e41ecce7ff250aab8a0a9fe9-1252615069

7/41 Detections.  Trojan.Win32.C4DLMedia.b  / Adware/Gala

This Adware Downloader install  -Suspicious.Lop-

http://img2.imageshack.us/i/46215212.jpg/

Delete the bad signatures that lead into a false trustworthy. 

Kudos0

Re: Bad Signatures in your Insight Database

The Download Insight team will look into it and figure out what the problem is.  Thank you for bringing it to our attention.

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Thanks bwoirhaye , but we have here the next Problem with Insight.

i found here today an Malware Download , Insight says  "trustworthy (good)" without a Signature and less than 10 Users... Amazing ?

pendenciacpf.com.sapo.pt/instalador1.mkg (found here Malwarebyte Forum )

 http://img183.imageshack.us/i/54499767.jpg/ Insight Message 

http://www.virustotal.com/de/analisis/5e14a4583c2536288c9a1b16b779990d92004b005e0b36bf52fddd600a77fd05-1252663227

14/41 detections 

How could this happen to this "good trustworthy", without to have good evidence ?Message Edited by Voyager10 on 09-11-2009 12:18 PM
Kudos1 Stats

Re: Bad Signatures in your Insight Database

This Problem is fixed , from Good to Unknown .

http://img183.imageshack.us/i/54499767.jpg/ Good , http://img25.imageshack.us/i/81103988.jpg/ Unknown

The First Problem with this bad C4DLMedia Signature -> for Norton Trustworthy is not fixed. 

http://www.google.de/webhp?hl=de#hl=de&source=hp&q=C4DLMedia&btnG=Google-Suche&meta=&aq=f&oq=&fp=64ae5300522d1bb2

Kudos1 Stats

Re: Bad Signatures in your Insight Database

A new Problem with "Insight"

there is a Malware Download from a chinese Site , Insight says  "Trustworthy Good" .

This URL has no Safe Search inspection, this File no Signature and no User Community Usage.

File Insight http://img193.imageshack.us/i/79242350.jpg/

http://www.virustotal.com/analisis/c7cd5545772e006c429cafd9f1939191e3239f7eab52fb4383fd9e412a2dc07d-1252893690

 6/41 Detection 

Sonar 2 Detected this also as a Threat. http://img34.imageshack.us/i/98427712.jpg/ 

Why this Malware File has a Good Trustworthy ?

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Next Insight False Positive, "Trustworthy Good" on a Malware Download with no Signature an no Safe Search Inspection.

File Insight  http://img245.imageshack.us/i/37458903.jpg/

No Sonar2 Detection but we have a Hijackthis detection.  http://img338.imageshack.us/i/54701358.jpg/  ;)

http://www.virustotal.com/analisis/be94a2ed542bc608e72061b140b6c3301d0dceda26ab925c409105fb6f3fa0b8-1253052690

3/41 Detection ...

its very new and very fresh Malware and Insight says Good !? hmm 

Why this Malware File has a Good Trustworthy without to have good evidence ?

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Next Norton Insight False Positive. 

[Removed]

found this URL during testing the object is loaded by malware , Norton Insight says "Download Safe"

http://www.virustotal.com/de/analisis/47132f8c4fb2610141d11fff8f1614ebbea46aa059f6621314c13cee72ffb5ea-1253437910

7/41 , Trojan Dropper

I can go on like this forever until a Symantec technician looks here ;)

[edit: removed link to malicious software per the Participation Guidelines and Terms of Service. Please do not post links to malicious software. Link has been retained for internal reference.]

Message Edited by Tim_Lopez on 09-29-2009 05:59 PM
Kudos1 Stats

Re: Bad Signatures in your Insight Database

Hi folks,

here is some kind of FakeAV, which DownloadInfo says it's clean, although there are less than 10 users and the file has no signature.

The file can be found here: [removed]

Here's a screenshot of the wrong classification:

http://www.abload.de/image.php?img=soft_71.exe1dvtb.jpg

Perhaps you can check and correct.

Regards,

Oliver

[edit: removed link to malicious software per the Participation Guidelines and Terms of Service. Please do not post links to malicious software. Link has been retained for internal reference.]

Message Edited by Tim_Lopez on 09-29-2009 05:59 PM
Kudos0

Re: Bad Signatures in your Insight Database


[edit: removed link to malicious software per the Participation Guidelines and Terms of Service. Please do not post links to malicious software. Link has been retained for internal reference.]

Message Edited by Tim_Lopez on 09-29-2009 05:59 PM

Hi,

I`m sorry for link to malicious software; will not happen again.

Reagrds,

Oliver

Kudos1 Stats

Re: Bad Signatures in your Insight Database

Kudos1 Stats

Re: Bad Signatures in your Insight Database

New Insight FP .

Reputation Green  http://img132.imageshack.us/i/72830022.jpg/

Sonar  http://img44.imageshack.us/i/60939465.jpg/

VT 18/41

http://www.virustotal.com/analisis/49f69fce5fb85757d290fc421fc0e2c971d945513be9cffc8158bf1a83a45d3f-1256118704

I say all the time, do not give Downloads Reputation Green from red marked URLs, is not so difficult to understand !

Message Edited by Voyager10 on 10-21-2009 06:47 PM
Kudos1 Stats

Re: Bad Signatures in your Insight Database

I found similar problems with Download 'Insight', it's a nice idea, but it's inherently flawed and gives people a false sense of security and lets them think that the malware that they have just downloaded is perfectly safe. I noticed several times a download given a green rating when it had come from a red rated URL. Why on earth does that occur?

A feature like this which reassures the user about something they might be suspicious about should either work correctly 100% of the time, or not be included, simple as.

_____________________________________________________________________Microsoft Security Essentials 1.0 - Windows 7 Ultimate x64 RTM (Build 7600)Uninstalled NIS 2010 due to the unfixed IPS driver issue - network has never been faster!

This thread is closed from further comment. Please visit the forum to start a new thread.