Hello Everybody.
For years I have been a user of the Open Source project Code::Blocks (www.codeblocks.org) and have never had security problems with it.
But since I started using Norton 630 (since last December) I have had problems while downloading or decompressing the current "nightly builds". The file "cblauncher.exe" is detected as suspicious (Suspicious.Cloud.7.F). If I report this as a "False Positive" to Symantec, they agree that it is a wrong detection and tell me that they will no longer detect the file as problematic. Unfortunately this is only the case for the current version, and with the next "nightly build" it will be detected again.
You may argue that with every new version the content of the file changes and that this is the reason for a new "False Positive" detection. But the point is that I've got the impression that they treat every report associated with the same file like the very first one, even though I list under "Additional notes" every known "submission" number associated with this "False Positive". Thus they should learn from it that this problem has a longer history. In addition, until now I had to report each occurrence twice since they were not able to download the file without having a password, while everybody can download it without a password.
I assume that on the other side they use only a simple machine that is not able to interpret my additional notes. For example, I tried several times to explain how the name of the 7zip file associated with a "nightly build" is defined and that every "nightly build" has its own topic in the Forum ( http://forums.codeblocks.org/index.php/board,20.0.html ). But somehow my description seems not to be understandable. Even though I know that my English is not the best (I'm a German), I cannot imagine that this is the only reason, because if they ask for some details it works. But if a human asks me for some more or better explanations, why doesn't he put this information into a database that allows me to refer to it if I report the next "False Positive" for the same program? I would like to have a checkbox in the web form to tell them that the next report is not the first one, and a possibility to add the submission numbers not in an anonymous input called "Additional notes" but in an input for associated submission numbers.
I can understand that a new binary with an old name leads to the old detection if the observed behavior was not changed. Furthermore I can accept that I have to support to maintain this "False Positive".
But if this is frequently the case I would expect a more effective possibility to exchange information.
Best Regards,
Eckard Klotz
PS: Please find here the ticket numbers associated with this case:
submission [3491738]
submission (3590276)
submission (3613580)
submission (3614635)
(Tracking #38641341)