Ce sujet a besoin d'une solution.
Remerciements0

Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:00 · 8 Replies · · Traduction:

U torrent classic and u torrent web is being flagged as malicious when downloading, installing or when the user is using it. It is flgged as PUA and the Firewall is also asking me repeatedly about the connection it is using , I set this to allow all the time but it keeps me asking. Currently I have excluded this program but I need a solution for it. I think its being flagged malicious as a flase positive. I have submitted the file for incorrect detection over Norton File Submission portal. I have the Submission ID with me as well. I want to get notified about the results which I sent for re classification. This program is being used by a lot of users and if it is indeed a flase positive Norton should not detect it as malicious. Ask me if you needed my Sample submission ID.
Thématiques: Auto-Protect, Application Blocking, Firewall, False Positive, Real Time Threat Protection, Quarantine, SONAR, Scan, Threat Detection

Réponses

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:09 · Édité: 2022-08-14 | 09:17 · Permalien

Please share submission ID/s 

utweb_installer.exe
https://community.norton.com/en/forums/utwebinstallerexe

For each time that i try to download, for example Bittorrent, Norton 360 blocks the download with the message: "Cancelled Malicious Download".
https://community.norton.com/en/forums/utorrent-1

Why is uTorrent blocked
https://forums.malwarebytes.com/topic/284261-why-is-utorrent-blocked/#comment-1504446

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:20 · Édité: 2022-08-14 | 10:10 · Permalien

as test: µTorrent Classic - Free

Filename: f_00002b
Threat name: PUA.SuperflussFull Path: C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data\Profile 7\Cache\Cache_Data\f_00002b

On computers as of 
8/14/2022 at 12:16:47 PM

Last Used 
8/14/2022 at 12:16:46 PM

Startup Item 
No
Launched 
No
Threat type: Security Risk. Programs that pose a security or privacy risk and are not already classified as malicious.

f_00002bThreat name: PUA.Superfluss
Locate

Many Users
Hundreds of thousands of users in the Norton Community have used this file.

Mature
This file was released 1 month  ago.

Low
This file risk is low.

hnnps: //download-hr. utorrent. com/track/stable/endpoint/utorrent/os/windows
Downloaded File  from utorrent. com
Source: External Media

f_00002b

File Actions

Infected file: C:\Users\bjm\AppData\Local\Microsoft\Edge\User Data\Profile 7\Cache\Cache_Data\f_00002b No fix attempted

File Thumbprint - SHA:
f72ee83436cb1f82366bfaafb14a4c0cb99826c02166fc0bd21fb6e7eb5190c6
File Thumbprint - MD5:
68a70ef9d99e94926e7231e00e136890

VirusTotal [here] = 24/70 - 2022-08-14 - 2 minutes ago

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:26 · Édité: 2022-08-14 | 10:14 · Permalien

as test: µTorrent Web - Free

Filename: utweb_installer.exe
Full Path: c:\Users\bjm\Desktop\utweb_installer.exe

Developers 
Rainberry Inc

Version 
1.2.0.0

Identified 
8/14/2022 at 12:21:57 PM

Last Used 
Not Available

Startup Item 
No

Many Users
Hundreds of thousands of users in the Norton Community have used this file.

Mature
This file was released 2 months  ago.

Good
Norton has given this file a good rating.


hnnps: //download-new. utorrent. com/endpoint/utweb/track/stable/os/win
Downloaded File  from utorrent. com

utweb_installer.exe

File Thumbprint - SHA:
543ceaeb949f608d2a8b89612e89a172d1e37f06171fe573ac48ed928ae94e0b
File Thumbprint - MD5:
a308d01eaa587d15fc7d41a0394c8c76

VirusTotal [here] = 7/69 - 2022-08-14 - 2 minutes ago

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:30 · Édité: 2022-08-14 | 10:19 · Permalien

as test: µTorrent Web - Free

Resolved Threats:
No risks have been resolved

Unresolved Threats:
PUA.Superfluss
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Security Risk
 Status: Not Attempted
 -----------
 1 Infected File
C:\User\current\AppData\Roaming\uTorrent Web\utweb.exe - No action taken
 1 Browser Cache

Fix

Resolved Threats:
PUA.Superfluss
 Type: Anomaly
 Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
 Categories: Security Risk
 Status: Restart Required
 -----------
 1 Infected File
C:\User\current\AppData\Roaming\uTorrent Web\utweb.exe - Restart Required
 1 Browser Cache

Unresolved Threats:
No unresolved risks

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:37 · Édité: 2022-08-14 | 09:38 · Permalien

Report a suspected incorrect detection to Norton
https://support.norton.com/sp/en/us/home/current/solutions/v126152382

Submit a file to Norton
https://support.norton.com/sp/en/us/home/current/solutions/kb20090602171902EN

Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious
https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832EN

Please tell us what Norton is telling you regarding this event.
For information regarding event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste.

For second opinion choose File &/or Search hash at VirusTotal 

Act on quarantined risks or threats
https://support.norton.com/sp/en/us/home/current/solutions/v6200305

Turn off or turn on Download Intelligence
https://support.norton.com/sp/en/us/norton-security/current/solutions/v23920640

Exclude files and folders from Norton Auto-Protect, SONAR, and Download Intelligence scans
https://support.norton.com/sp/en/us/home/current/solutions/v3672136

Fix problem detecting a file or program as a threat even after you exclude it from scan
https://support.norton.com/sp/en/us/home/current/solutions/v115455517

Configure Exclusions/Low Risks settings
https://support.norton.com/sp/en/us/norton-360/home/solutions/v15457075

Exclude files with low-risk signatures from Norton scans
https://support.norton.com/sp/en/us/home/current/solutions/v15463085

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:46 · Édité: 2022-08-14 | 09:52 · Permalien 

https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows

https://safeweb.norton.com/report/show?url=https://download-hr.utorrent.com/track/stable/endpoint/utorrent/os/windows = Warning -> Malicious Sources/Malnets | Peer-to-Peer (P2P) | Potentially Unwanted Software

https://download-new.utorrent.com/endpoint/utweb/track/stable/os/win

https://safeweb.norton.com/report/show?url=https://download-new.utorrent.com/endpoint/utweb%2Ftrack/stable/os/win = Safe -> Peer-to-Peer (P2P) | Software Downloads

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-14 | 09:56 · Édité: 2022-08-14 | 09:57 · Permalien

Malicious Sources/Malnets
Sites that host or distribute malware or whose purpose for existence is as part of a malicious network (malnet) or the malware ecosystem. Malware is defined as software that takes control of a computer, modifies computer settings, or collects or reports personal information without the permission of the end user. It also includes software that misrepresents itself by tricking users to download or install it or to enter personal information. This includes sites or software that perform drive-by downloads; browser hijackers; dialers; any program that modifies your browser homepage, bookmarks, or security settings; and keyloggers. It also includes any software that bundles malware (as defined above) as part of its offering. Information collected or reported is "personal" if it contains uniquely identifying data, such as email addresses, name, social security number, IP address, etc. A site is not classified as malware if the user is reasonably notified that the software will perform these actions (e.g., it alerts that it will send personal information, be installed, or that it will log keystrokes).

Peer-to-Peer (P2P)
Sites that distribute software to facilitate the direct exchange of files between users. P2P includes software that enables file search and sharing across a network without dependence on a central server.
Examples:  frostwire.comthepiratebay.seutorrent.comvuze.com
bearshare.comtorrentz.eu

Potentially Unwanted Software
Sites that are not malicious sources but that host software with undesirable behavior or cause undesirable browser behavior such as intrusive adware, adware servers used exclusively by intrusive adware, and browser hijackers.

Software Downloads
Sites wholly dedicated to the download of software for any type of computer or computing device whether for payment or at no charge. Does not include sites or pages that offer a software download as a subset of their overall content.
Examples: download.complay.google.comappworld.blackberry.comsoftpedia.comshareware.de
download.enet.com.cnfilehippo.comsnapfiles.comdownloadsource.es

Remerciements0

Re: Why is u torrent classic and u torrent web is being flagged as malicious

Envoyé le: 2022-08-17 | 18:29 · Permalien

The_Eagle_007:
Ask me if you needed my Sample submission ID.

@The_Eagle_007
Please share your Submission ID.  

This thread is closed from further comment. Please visit the forum to start a new thread.