• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

File removed based on excluded signature

I downloaded an installer for the K-Lite Codec Pack, and NIS immediately removed it (http://puu.sh/mA39b/a5e7e1bb3f.png) with a signature of WS.Reputation.1, which is odd, since I explicitly excluded that signature from "both risk and SONAR scans" (http://puu.sh/mA39D/a472df3c4f.png). Why is this file still getting removed if I have excluded that signature from detections? Thanks.

Replies

Kudos0

Re: File removed based on excluded signature

Try Exclude from Auto-Protect

Umm, do you have Low Risks set at "Remove"....?

Kudos0

Re: File removed based on excluded signature

Your first image also shows it is a new file with less than 100 Norton users, released about a week ago. If you can wait a little longer, there may be better reputation built for this file.

Where were you downloading from? It is always best to download only from the developer's site.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: File removed based on excluded signature

bjm_: Low risks are set to "Ask Me" (http://puu.sh/mAUct/a0639d9af9.png) and my SONAR setting is also "Ask Me" (http://puu.sh/mAUgE/6ac0cf0f00.png). Unfortunately, the "Items to Exclude from Auto-Protect..." list only lets you input specific paths, not signatures, and I don't want to exclude my entire Downloads directory. Regardless of this specific file, I want NIS to never take action on files with a detection signature of WS.Reputation.1, which is what I thought the outcome would be by adding it to the "Signatures to Exclude" list. P.S.: I've had that signature in my exclusions list for at least a few years, and this is the first time in a while that NIS has automatically removed something with that signature.
Kudos0

Re: File removed based on excluded signature

peterweb: But that's the point of my excluding the WS.Reputation.1 signature--so I don't have to wait for Symantec to arbitrarily decide that some file is "mature enough" to use. And, I am downloading this from an official mirror on the developer's website: http://www.codecguide.com/download_k-lite_codec_pack_basic.htm (mirror 1). P.S.: I split these replies up because I seem to not be able to put line breaks in my posts. Is there some trick to that?
Kudos0

Re: File removed based on excluded signature

amloessb:
bjm_: Low risks are set to "Ask Me" (http://puu.sh/mAUct/a0639d9af9.png) and my SONAR setting is also "Ask Me" (http://puu.sh/mAUgE/6ac0cf0f00.png). Unfortunately, the "Items to Exclude from Auto-Protect..." list only lets you input specific paths, not signatures, and I don't want to exclude my entire Downloads directory. Regardless of this specific file, I want NIS to never take action on files with a detection signature of WS.Reputation.1, which is what I thought the outcome would be by adding it to the "Signatures to Exclude" list. P.S.: I've had that signature in my exclusions list for at least a few years, and this is the first time in a while that NIS has actually taken action on something with that signature.

my machine.....I can Exclude from Auto-Protect ....Files/Folders.
I have a few favored programs Exclude from Auto-Protect that update frequently and throw WS.Reputation.1. 
I fully trust "favored".... so, I don't want Norton interfering.   Just me.  
My concern with Exclude Signature is that the exclude is global. 
I've not Exclude by Signature so, no comment as to your issue. 
I've had WS so often that it's become rote,.... second opinion and restore from Quarantine.  

Kudos0

Re: File removed based on excluded signature

bjm_: Am I missing something? You said, "Try Exclude from Auto-Protect," and that's what I was replying to. I already know that I can exclude this specific file or some folder from being scanned or auto-protected, but that is not my goal in this case. I added "WS.Reputation.1" to the "Signatures to Exclude from All Detections" list which, as far as I can tell, should have the effect of excluding that signature from all detections. Yet, when I downloaded this file, NIS immediately deletes it based on the "WS.Reputation.1" signature.
Kudos0

Re: File removed based on excluded signature

amloessb,
I follow you.   Just never went that route.   I want unknowns going to Quarantine.  I grab the hash n' second opinion.   I want False/Positives.  I want Norton aggressive n' interactive.   Just me. 

Kudos0

Re: File removed based on excluded signature

I'm with bjm_. I am not willing to risk allowing malware onto my system if my security software has the ability to catch it. Better to have a false positive than me trying to be positive there is nothing there when there really is a problem. Again...Just me.

I also like to let others test new software updates and releases. Then I can benefit from the bugs being worked out after the initial release.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: File removed based on excluded signature

I appreciate your opinions on how you like to configure your NIS client, but my issue is that my client is apparently acting counter to the configuration I have given it. Is this the wrong place to ask for help on such issues?
Kudos0

Re: File removed based on excluded signature

amloessb,
Again, I follow you.   Just never went that route.   So, don't know.  Has Exclude WS signature worked in the past for you....?   I know Exclude by Signature works.  Users report exclude works with PUA signatures. 
I don't know if WS.Reputation.1 works with Exclude by Signature. 

Kudos0

Re: File removed based on excluded signature

Sometimes settings get muddled and need to be reset. Try removing the WS.Reputation.1 signature from the exclusion list. Restart your computer. Then add the exclusion again and test.

Things happen. Export/Backup your Norton Password Manager data.
Kudos0

Re: File removed based on excluded signature

peterweb: I tried your suggestion, but NIS still removes the file when I download it. Same signature.
Accepted Solution
Kudos0

Re: File removed based on excluded signature

So, I spent about 3 hours on a chat with Norton Support, and we finally figured out that you have to set the "Download Insight Notifications" setting to "Risks Only" (http://puu.sh/mBcvI/fbeb56bb87.png) to turn off the reputation-based file quarantines, which is counter-intuitively in the Firewall settings, and not Antivirus. So, in case anyone else has this issue, you can't exclude WS.Reputation.1 the conventional way; you have to turn off Download Insight instead.

This thread is closed from further comment. Please visit the forum to start a new thread.