Please Sign In with Norton Account to Ask a Question or comment in the Community
Product Announcement: Norton Security 22.23.4.6 for Windows is now available!
Posted: 21-Mar-2011 | 10:19PM · 10 Replies · Permalink
I have NIS 18.5.0.125, with automatic live updates.
There's a file with diffferent scan results:
In my PC - nothing found
In virustotal.com - "Symantec 20101.3.0.103 2011.03.22 WS.Reputation.1"
Thanks in advance.
Posted: 21-Mar-2011 | 11:00PM · Permalink
So you did find the file yourself and Symantec says there is no malware and virustotal tells you there is?
Posted: 21-Mar-2011 | 11:19PM · Permalink
Please read my post with a bit of attention.
All that we are, is the result of what we have not read...
Also, i can send you the file.
Posted: 22-Mar-2011 | 1:57AM · Permalink
Something may interfere with AV kernel and may hook it. For example, can you download malware test file from http://eicar.org/anti_virus_test_file.htm (eicar.com) and see the result? When AV is hooked you will see nothing.
This file by itself contains only following string:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
which needs to be handled by all antivirus products.
Posted: 22-Mar-2011 | 3:41AM · Permalink
Afaik, you can get WS.Reputation.1 only from Download Insight. Therefore, you can't get it if you scan a file which is already on your hard drive, memory stick ...
On VirusTotal they are probably download files for analyses and get WS.Reputation.1 from Download Insight
Posted: 22-Mar-2011 | 4:14AM · Permalink
This might shed some light on the issue: http://community.norton.com/t5/Norton-Internet-Security-Norton/Clarification-on-WS-Reputation-1-detection/td-p/232155.
Posted: 22-Mar-2011 | 6:55AM · Permalink
ruiplacido wrote:
Please read my post with a bit of attention.
All that we are, is the result of what we have not read...
Also, i can send you the file.
Based on the information that you gave in your first post in this thread, is the name of the file in question 'Rumpelstiltskin.exe"?
"All of our responses stem from the information that you have not given."
Posted: 23-Mar-2011 | 8:03AM · Permalink
- My NIS detects "Eicar".
- "you can't get it if you scan a file which is already on your hard drive, memory stick ..." Well, it's not very protective.
- The name of the file in question it is not 'Rumpelstiltskin.exe", but it's an "exe" file.
Posted: 09-Apr-2011 | 10:47PM · Permalink
Not yet detected by NIS, decided to send/submit the file 5 min ago to Symantec...
Posted: 10-Apr-2011 | 7:07AM · Permalink
Is this some kind of Easter Egg hunt? What is the name of the file that you think is malware?
Also more than one of the VirusTotal scanners detected the file as hueristic based. In other words, the file appears suspicious but is not necessarily malware. The file might be unsigned and perform high level OS functions. Quite a bit of freeware utility type software falls in this catagory.
Bottom line - software in this catagory can best be summed up as run at your own risk. I run software like this but block all Internet access to it including updating.
This thread is closed from further comment. Please visit the forum to start a new thread.