Kudos0

WS.Reputation.1 - just say no.

Posted: 10-Aug-2013 | 10:42AM · 4 Replies ·

The description of WS.Reputation.1 is dubious at best.  Quarantining a file just because 'Norton' doesn't have enough information on it is heavy-handed and annoying.  Please change this to a warning only.  Anyone without the time or patience to check up on it will see WS.Reputation.1 and trust that Norton has protected them from something dastardly.  And most of the time they'd be wrong.

I Beta test.  A lot.  Norton 360 flagged a beta installer as a 'virus', or so I thought.  Being a bit more computer savvy than average, I was pretty sure this was wrong, so I checked up on WS.Reputation.1.  If I was Charlie Brown I would have yelled ARRRGH!  Being ex-military I had a slightly more colorful version in mind, but kept it to myself to spare my lovely wife and children.

So I figured I'd help out a lot of people and click the link to tell Norton that this file is good.  Halfway through the page, it says uploading the 'suspect' (cough) file is ReQuIrEd.  Required?  I'm under NDA.  I can't even tell people I'm beta testing this thing, and you want me to Upload the FILE???  Tell me just how I'm supposed to do that?

Needless to say, colorful language took on a bit more vivid hues, and I'm afraid some of it may have actually escaped under pressure.

Come on, guys.  We have enough to be afraid of in this life without a boatload of false positives.  And the seemingly official WS.Reputation.1 virus classification is doubly misleading.  Remove the rhetoric and tell us what's really going on, and unless you're a LOT more sure its a virus/malware/whatever, Let Us Decide.  Or is the whole WS.Reputation.1, et.al. thing a ploy to drum up business?

Chris W.

A Very Annoyed Customer

Replies

Kudos1 Stats

Re: WS.Reputation.1 - just say no.

Posted: 10-Aug-2013 | 11:13AM · Permalink

Hi ChrisW63

There is an option available but you perform it at your own risk.  Restore the file from quarantine and exclude it from further scans.  If you have some doubt then don’t exclude it from further scans until you have tested the software.

ATB

intesec

Kudos2 Stats

Re: WS.Reputation.1 - just say no.

Posted: 10-Aug-2013 | 11:34AM · Permalink

Hi ChrisW63,

LOL!!

First of all being ex-military myself I probably know exactly what you were thinking and even left slip out. That aside, let me play a bit of devil's advocate:

What about those less than tech savy folks - who you mentioned?  They will not be doing Beta testing (they won't even know what it is) and yes they will think that Norton saved their bacon when they see that what Nort6on alerted on was quarantined.  They may even get a warm and fuzzy feeling that they go their money's worth.  Chances are pretty good that if it is in fact a false positive that is quarantined it will show up on a Reuptation Revocation list and be seen as OK shortly after it is reported. 

So, if you haven't already, please go ahead and report it s a false positive

There is a Suggestion Board where you can submit your ideas in regards to changing the quarantine to a warning.

Thank you for your service!

Kudos2 Stats

Re: WS.Reputation.1 - just say no.

Posted: 10-Aug-2013 | 11:48AM · Permalink

HiChrisW63,

Norton reputation-based protection is designed to detect files that have not been previously seen, which also match certain other criteria that make the files suspect.  Yes, this type of defense is prone to false-positives, but it also blocks many  malicious files that would otherwise go undetected.  And since most users are downloading known-safe programs, this is normally only an issue for a small percentage of early adopters and software testers - and they can work around it easily.  Since beta files and software subject to NDA match the profile of the types of things that would be included in WS.Reputation.1, your solution would be to disable that Norton component by simply turning off Download Intelligence.

Kudos1 Stats

Re: WS.Reputation.1 - just say no.

Posted: 11-Aug-2013 | 5:25AM · Permalink

yank wrote:

Hi ChrisW63,

LOL!!

First of all being ex-military myself I probably know exactly what you were thinking and even left slip out. That aside, let me play a bit of devil's advocate:

What about those less than tech savy folks - who you mentioned?  They will not be doing Beta testing (they won't even know what it is) and yes they will think that Norton saved their bacon when they see that what Nort6on alerted on was quarantined.  They may even get a warm and fuzzy feeling that they go their money's worth.  Chances are pretty good that if it is in fact a false positive that is quarantined it will show up on a Reuptation Revocation list and be seen as OK shortly after it is reported. 

So, if you haven't already, please go ahead and report it s a false positive

There is a Suggestion Board where you can submit your ideas in regards to changing the quarantine to a warning.

Thank you for your service!

First,  I salute you guys and all here for your servce to our country.

Regarding the false-positive issue, I agree with Yank.  I'm probably in the "average" PC user group so I'm not knowledgable about this subject but as Yank mentioned, it's mainly about looking at this subject from the perspective of a "less than perfect" PC world.

Given the choice of the false-positive detection scenario vs a malware intrustion into one's PC,  I'd guess that most would prefer the 1st alternative.

As Yank mentioned, once a real threat is known, Norton updates their database and we're all covered from that point forward.

Since my entry into home 'net back in '04, I'm sure that I've had several items removed due to the false-positive action, but I've never seen an adverse effect as a result of deleting false-positives on my PC. 

Perhaps I'm not in the majority on this one but it would be interesting to survey that topic, ie,  what adverse effects with one's PC, if any, have been observed as a result of an AV removing a false-positive item.

Chris, don't get me wrong here.  I admire your PC expertise on this subject.  I wish I was as well-informed and up to date on this topic.

I approach this overal scene a little differently (ie protecting my PC from intrustions that get past the front-line AV protection's).

I'm one of those "cloners" (not a "Star Wars" clone  *lol*).  I periodically clone my HDD to have a fast backup available in case I get hit with an intrusion that I can't remove or one that becomes a time-consuming project to clean the HDD.

I hate to read about fellow members here getting hit and dealing with the "cleanup/recovery" headaches. 

Once one gets the basics understood about cloning and/or imaging, it's a great way to deal with the inevidability of an intrusion into the HDD.

Windows 7x64 Home Premium OEM Ver / MoBo: ASUS P7P55D-E / CPU: Intel i5-650 / RAM: 16 Gb Corsair DDR3

This thread is closed from further comment. Please visit the forum to start a new thread.