• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Sick and Tired of False Positives

I am getting sick and tired of False Positives, having to submit them for White Listing and then hearing nothing back from Norton. I'm trying to download an old installer from a trusted developer but no Norton won't let me. Now I have to use a Linux computer that is not infected with Norton to download it. I'll run the exe through Virus Total and I'm willing to bet it scores 0/68.

I've got 120 days left on my Norton License but at this point I have no plans to renew. Get your act together Norton !

Replies

Kudos0

Re: Sick and Tired of False Positives

Please share source for "old installer from a trusted developer".    

Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Kudos0

Re: Sick and Tired of False Positives

Try for yourself......

http://www.linplug.de/stock/albino/Albino%203%20Installer%20321.exe

I was wrong it scored 1/66 at Virus Total being passed by all but CMC which I've never heard of. Symantec passed it as well. The screenshot will show if it's approved. .

This is the third False Positive in the last couple of weeks. I submitted one file as a favor to the developer but never heard back from Norton. I'm telling developers now just to contact Norton themselves to have their files white listed.

The problem seems to be Norton's lack of awareness of VST (Virtual Studio Technology) plugins which come in .dll format that is read by Digital Audio Workstations. All three FP's were with VST or VSTi plugins.

Kudos0

Re: Sick and Tired of False Positives

So I downloaded it on one of my Linux machines and moved the .exe to this computer then scanned it. Norton found no threats. But can you see why this a problem ? Norton wouldn't let me download a file that it found no threats in when scanned. Once again the screenshot will show once it's approved.

Kudos0

Re: Sick and Tired of False Positives

Marc Hoppe 55:  This is the third False Positive in the last couple of weeks. I submitted one file as a favor to the developer but never heard back from Norton. I'm telling developers now just to contact Norton themselves to have their files white listed.

The problem seems to be Norton's lack of awareness of VST (Virtual Studio Technology) plugins which come in .dll format that is read by Digital Audio Workstations. All three FP's were with VST or VSTi plugins.

Sorry.  I'm not familiar with VST.  

Please tell us what Norton is telling you regarding this event. 
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Kudos0

Re: Sick and Tired of False Positives

Hello Mark. When you try opening the link you posted on a Windows computer, do you get the following as I see in IE11 below? Yet, when submitting the URL to the Safe Web site I see the following below. Reviewed SAFE, yet blocked in browser. Norton DOES indeed have an issue with its whitelisting updates. @Sunil_GA

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.194 / NSBU 22.16.2.22 / Norton Core v.270 on Android
Kudos0

Re: Sick and Tired of False Positives

Oh, Safe Web false positive. Not Download Insight false positive?
Kudos0

Re: Sick and Tired of False Positives

bjm_ using what browser, what URL? Here? I get malicious site block messages for each legacy download I try. Although the site does open.

Cheers

Retired military (Navy 1980-2002) "From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows 10 Professional x 64 version 1809 / build 17763.194 / NSBU 22.16.2.22 / Norton Core v.270 on Android
Kudos0

Re: Sick and Tired of False Positives

Um, is OP reporting Safe Web false positive or Download Insight false positive?

IE11 sans Safe Web extension.

Firefox with Safe Web extension.

Kudos0

Re: Sick and Tired of False Positives

Did you try to save the file in Firefox ? If all things are the same the results should be the same.

Filename: Albino 3 Installer 321.exe
Threat name: WS.Reputation.1Full Path: C:\Users\----\Downloads\Albino 3 Installer 321.exe

____________________________

____________________________


On computers as of
12/6/2018 at 8:49:48 AM

Last Used
12/6/2018 at 8:51:49 AM

Startup Item
No

Launched
No

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe


____________________________


Albino 3 Installer 321.exe Threat name: WS.Reputation.1
Locate


Few Users
Hundreds of users in the Norton Community have used this file.

Mature
This file was released 4 years 9 months ago.

Medium
This file risk is medium.


____________________________


http://www.linplug.de/stock/alpha/FreeAlpha Installer 330.exe
Downloaded File  from www.linplug.de
Source: External Media

Albino 3 Installer 321.exe

____________________________

File Actions

File: C:\Users\----\Downloads\ Albino 3 Installer 321.exe Removed
____________________________


File Thumbprint - SHA:
ef0f1a00d33f41c50ed4110457a6f81502bd62f6b23bba9c64709b483902a117
File Thumbprint - MD5:
d483c44455ab8dbe44a3cf4bf6279c9f

Kudos0

Re: Sick and Tired of False Positives

Please review: WS.Reputation.1 detection.
https://community.norton.com/en/forums/clarification-wsreputation1-detection
Files reported as WS.Reputation.1 may not necessarily be malicious, and may be false positive detection. Should you be uncertain whether a file has been reported correctly, you may submit file to https://www.virustotal.com (link is external) for second opinion scan with multiple antivirus engines.
If you believe a file has been mistakenly detected by WS.Reputation.1, you may submit a dispute at https://submit.symantec.com/false_positive/.

Kudos0

Re: Sick and Tired of False Positives

Marc Hoppe 55,

Um, are your Norton Security settings at Default?  

Thanks for your helpful messages.  

I've submitted information from https://community.norton.com/en/comment/8043951#comment-8043951

Kudos0

Re: Sick and Tired of False Positives

Marc Hoppe 55,

Thu 12/6/2018, 1:25 PM

In relation to submission 123383.

Upon further analysis and investigation we have verified your submission and, as such, the detection(s) for the following file(s) will be removed from our products:

    File name: Albino 3 Installer 321.exe
    MD5: D483C44455AB8DBE44A3CF4BF6279C9F
    SHA256: EF0F1A00D33F41C50ED4110457A6F81502BD62F6B23BBA9C64709B483902A117
    Note: Whitelisting may take up to 24 hours to take effect via Live Update

If detection persists, please contact support:
* Norton: https://support.norton.com/sp/en/us/home/current/info

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

For more information on best practices to reduce false positives:
https://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf

Sincerely,
Symantec Security Response

Kudos1 Stats

Re: Sick and Tired of False Positives

Ok thanks it passes now. I got tired of submitting files for white listing. Best practice to reduce False Positives ? Use a security suite not prone to generating False Positive Reports. 

Kudos0

Re: Sick and Tired of False Positives

Here's another one. I guess the developer didn't contact Norton after all. Warning is generated when trying to unzip the file. How do we get images to pass Moderation here ? Here's the link. http://www.audionebula.ca/Aurora_FM_x64_0.18.1.zip

Kudos0

Re: Sick and Tired of False Positives

Please tell us what Norton is telling you regarding this event. 
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

If you believe a file has been mistakenly detected, you may submit dispute at https://submit.symantec.com/false_positive/.


File: Aurora_FM_x64_0.18.1.zip
File size: 1.64 MB (1,720,714 bytes)
MD5 checksum: 3801D7DEF301DF69E3C9B6763B4D1AD3
SHA1 checksum: CB72DE5924056B6067A51568A3DA121AFFC79753
SHA256 checksum: EECBE01C3CA450F4810EC0DF4B9BF7E4EE56AA00B2F424BC2CA906F9229276DC

File: Aurora FM.dll
File size: 4.24 MB (4,450,304 bytes)
MD5 checksum: FB5716385B45A0EBFB05FE63A4EC693E
SHA1 checksum: FE52A5E778C0E88292F102B50808136AB0C373EF
SHA256 checksum: 92732791787F15C8CA3DAFFA6ECC02EB49FB83D5E945990F162342A645ADE1FC

Kudos0

Re: Sick and Tired of False Positives

Yea I know how to use Virus Total. If I could get the images I posted to pass moderation you would see that I have used it in this very thread. I can't submit the .dll to VT because Norton deletes it when I try to unzip the file.  All you are doing is proving how feeble Norton has become. Won't let me unzip a file but passes it at Virus Total. Download the file, then try to unzip it.

That's when the "Aurora FM.dll is not safe and has been removed" pop up appears as shown in the screenshot above. Unless you think I'm just photo shopping those images.

Then you can "Please tell us what Norton is telling you regarding this event" for yourself. My Norton settings are default so there is no reason why it should kick up a warning here and nowhere else.

Kudos0

Re: Sick and Tired of False Positives

Please tell us what Norton is telling you regarding this event. 
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Marc Hoppe 55: 
Download the file, then try to unzip it.

I did.  

Kudos0

Re: Sick and Tired of False Positives

Are you not reading what I write ? If not then please leave the thread and stop with the copy/paste responses. I know you're just in "Defense of Norton" mode but you're not helping one bit. Loyalty is good, blind loyalty is foolish.

Kudos0

Re: Sick and Tired of False Positives

I'll submit false positive submission 4 U.  I'll need: 

Please tell us what Norton is telling you regarding this event. 

Marc Hoppe 55: 
I am getting sick and tired of False Positives, having to submit them for White Listing and then hearing nothing back from Norton. 

I'm not having an issue hearing back from Norton.  

Regards w Respect

Maybe, Chat with Official Norton Support regarding your concerns.  

Kudos0

Re: Sick and Tired of False Positives

I'm not making this stuff up.....

Kudos0

Re: Sick and Tired of False Positives

....tried to help.

Regards w Respect

Kudos0

Re: Sick and Tired of False Positives

Hello Marc

I will try and get the Safe Web Team to go thru this thread and fix the false positives and white list the files that need to be white listed. Please give the Team a little time to go thru this thread and fix the files so they are OK with Norton.

When you find any more problem files, please let me know and I can contact the Safe Web Team.

Have a Good Night and

Thanks.

Success always occurs in private and failure in full view. Windows 7 Pro 64 bit NSBU 22.16.2.22 Core Firmware 270 I E 11