Kudos0

Block all "Suspicious.Insight" objects automatically without prompting.

I would like to have a feature "Block all 'Suspicious.Insight' objects automatically without prompting". I mean that only well-known files or files with good reputation are allowed to run in this mode. It could be implemented as a feature that can be switched "ON/OFF" if needed.
Labels: New Feature

Respostas

Kudos0

Re: Block all "Suspicious.Insight" objects automatically without prompting.

I would like to have a feature "Block all 'Suspicious.Insight' objects automatically without prompting". I mean that only well-known files or files with good reputation are allowed to run in this mode. It could be implemented as a feature that can be switched "ON/OFF" if needed.
Kudos0

Re: Block all "Suspicious.Insight" objects automatically without prompting.

Thanks for the idea. We implemented the reputation check with the current version (2010) and the goal was to make sure that we didn't aggressively block when a user was sure about the download - perhaps a brand new beta version of software from a small company. Over time, what you suggest might make sense, especially as an advanced option. We will continue to gather data on this, but it will be very helpful to know what other users think about this idea! Dan

Kudos0

Re: Block all "Suspicious.Insight" objects automatically without prompting.

I agree with dnadir . This should not happen at this moment . There are still some mistakes (from time to time) by Download Insight that might make trouble.

Additionally , Symantec have already done what gx suggested . Remember the "bug" with Reser.Reputation.1 detections ? http://community.norton.com/t5/Norton-Internet-Security-Norton/NEW-Download-Insight-always-report-Reser-Reputation-1-to-unknown/m-p/196780 ?

In my opinion ,

1) Insight reputation should be implemented in manual scans (Quick scan or Full scan) so that suspicious (Unproven or Bad) processes or files are somehow indicated to the user with an option to easily quarantine and restore option. Note that it is not appropriate to put this in Auto Protect but scans run from time to time when the computer is idle.

2) Download Insight should be further improved . If a user wants to run a 'yellow' file (a.k.a. Unproven/Poor reputation) , the windows that says "You are one of the very first users... We do not recommend running this file until more is known" should appear ONLY pre-execution of the file . At the moment the file is executed/running and the message appears . Then the user has an option to stop and or remove the file.

3) Please , include Insight for files that are on removable drives such as USB flash and memory cards. They are full of threats (I mean when people's computers are infected) . When a file wants to run from a removable drive , it should first be verified by Insight and if there is a file with Unproven or Poor reputation , the users should be notified by a message like in DOWNLOAD Insight -  "You are one of the very first users... We do not recommend running this file until more is known"


Thanks!

Kudos0

Re: Block all "Suspicious.Insight" objects automatically without prompting.

Kudos0

Re: Block all "Suspicious.Insight" objects automatically without prompting.

I sincerely hope this suggestion was meant as a joke. If it isn't, you should be perfectly happy with no software on your system not produced by Microsoft, Adobe, or of course Symantec. Symantec is destroying the reputations and profits of thousands of honest independent software developers with this nonsense. A hit by "Suspicious Insight" means nothing more than "We don't know." Of course Symantec USERS don't see it that way; they see "Probably contains a virus."

Thankfully virustotal has ditched this check. But that still leaves NAV users who won't touch any of many thousand legitimate software products.

David Hyde

DPlot Graph Software

(Hopefully no longer "suspicious". Bleah.)

[edit: removed link to product per the Participation Guidelines and Terms of Service.]