iCloud for Windows identified as threat and removed

Trying to download iCloud for Windows 2.7.  From Microsoft Store.  Norton identifies it as a threat and removes it from the Downloads folder. 

Apple sent me to this webpage https://apps.microsoft.com/detail/9pktq5699m62?hl=en-US&gl=US.  Post in Norton Community from February 2024 (when new version of iCloud was issued) sent me to this webpage https://apps.microsoft.com/detail/9pktq5699m62?rtc=1&hl=en-us&gl=US.  Neither works.  Tried each multiple times to be sure.

When I tried to report it to Norton on the misidentified threats pages, it wouldn't accept it, because Microsoft Store and its contents are marked safe -- which of course makes sense, but ... .

Bob R

Running Win11 completely updated, Norton 360 22.24.3.2 completely updated

and again, I'm seeing Good + Downloaded File from microsoft.com + hash not known to VirusTotal. 



Filename: iCloud Installer.exe
Full Path: c:\User\user\Edge\current\Desktop\iCloud Installer.exe

Developers 
Microsoft Corporation

Version 
22405.508.1.0

Identified 
5/24/2024

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

Good
Norton has given this file a good rating.

https: //apps.microsoft. com/
Downloaded File  from microsoft.com

iCloud Installer.exe

File Thumbprint - SHA:
122365bd0e006c7f925e326a370e4a4f893571bc505858d966a19862e1855b4a
File Thumbprint - MD5:
2ad7b296049e71c795eca7054d444f86
 

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Norton's community of users. Detections of this type are based on Norton’s reputation-based security technology. 

The reputation-based system uses "the wisdom of crowds" (millions of end users) connected to cloud-based intelligence to compute a reputation score for an application.  

WS.Reputation.1 detection is based purely on a file's reputation, which can tell you if its particular usage and distribution patterns match those frequently seen with malware.  A lot of legitimate files will match this reputation profile at some point in their lives.  So this detection is sort of a "better safe than sorry" block based on the premise that not enough is known about the file to declare it safe.  (credit SendOfJive)

fwiw ~ In my experience WS.Reputation.1 flag usually clears as Norton gathers more telemetry.

Are you still seeing fresh iCloud downloads identified by Norton as a threat and removed?
Since, detection was WS.Reputation.1...maybe, WS.Reputation.1 detection has now cleared with Norton gathering more telemetry.  

@rwruggieri

Note: looks like fresh download: [here]
On computers as of
5/23/2024 at 3:00:02 PM

Note: Downloaded File from Unknown


Note: is not known to VirusTotal, at this time
File Thumbprint - SHA:
028ea7183887a70338593586a72c22b91f2e7c695a0d7265f40a8f6a0af94d59
File Thumbprint - MD5:
61fbc2ccc7562e022629764bd840180a

__________________________________________________

Note: iCloud Installer checksum varies. 

as test: (7)
https: //apps.microsoft. com/
Downloaded File from microsoft.com

iCloud Installer.exe

File Thumbprint - SHA:
ab2393685359963b45635cc6239a1e25bca9601627efc290410a8b3b91277783
File Thumbprint - MD5:
cebf2f17d6adc09c7a86bd3cffd5c354

Sorry, on my side Norton does not object to iCloud Installer downloads. 

Note:
rwruggieri download is from Unknown [here]
my downloads are from microsoft.com

Now that I'm in Norton history (which I have little occasion to visit), I'm reminded that I can Restore the offending file.  Since the file is from MS Store and Apple, I'm not worried that it's somehow not safe. 

here you go, for what it's worth.

Filename: iCloud Installer.exe
Threat name: WS.Reputation.1
Full Path: C:\Users\rwrug\Downloads\iCloud Installer.exe

____________________________

____________________________


On computers as of
5/23/2024 at 3:00:02 PM

Last Used
5/23/2024 at 3:02:02 PM

Startup Item
No
Launched
No
Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe


____________________________


iCloud Installer.exe
Threat name: WS.Reputation.1
Locate


Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

Medium
This file risk is medium.


____________________________


about:internet
Downloaded File  from Unknown
Source: External Media

iCloud Installer.exe

____________________________

File Actions

File: C:\Users\rwrug\Downloads\iCloud Installer.exe Removed

____________________________


File Thumbprint - SHA:
028ea7183887a70338593586a72c22b91f2e7c695a0d7265f40a8f6a0af94d59
File Thumbprint - MD5:
61fbc2ccc7562e022629764bd840180a

 

rwruggieri:

As I said in the opening paragraph, what is happening is that the downloads are being identified by Norton as a threat and removed.  I included the URLs so if anyone wanted to test, they could duplicate.  And so that anyone would see that I was downloading from the primary source, not a secondary source that might be sending out malicious software labeled as iCloud Installer. 

And so for the website being safe, that's nice, but doesn't mean the download gets accepted.  Cause it doesn't and that's what matters.  I don't even use SafeWeb.  I'm not handing my whole computer life over to Norton's judgment.

Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

fwiw ~ on my side:
I tested your posted URLs. 
Norton did not object to the downloads...on my side...from your posted URLs.   

rwruggieri:
As I said in the opening paragraph, what is happening is that the downloads are being identified by Norton as a threat and removed. 

Are you still seeing downloads identified by Norton as a threat and removed?

Maybe, detection was WS.Reputation.1...that has now cleared with Norton gathering more telemetry.  

bjm_,

As I said in the opening paragraph, what is happening is that the downloads are being identified by Norton as a threat and removed.  I included the URLs so if anyone wanted to test, they could duplicate.  And so that anyone would see that I was downloading from the primary source, not a secondary source that might be sending out malicious software labeled as iCloud Installer. 

Why would I be posting here if the URLs didn't work?  That's of course not Norton's problem.  If that was the case, I wouldn't have been able to download and there wouldn't have been anything for Norton to identify as threat and remove!

And so for the website being safe, that's nice, but doesn't mean the download gets accepted.  Cause it doesn't and that's what matters.  I don't even use SafeWeb.  I'm not handing my whole computer life over to Norton's judgment.

As I also said, I tried using the links on the Norton website to report the problem as a misidentified threat, and Norton wouldn't accept the report, because it's Microsoft Store and that's an approved source, and it won't take reports about it.  I just tried again, and same result -- no go.

I have no idea what you did to download it successfully, since you didn't indicate where you downloaded from.  Not very helpful.

I just tried again, thinking that maybe in interim Norton fixed the problem.  No go.  Still unsafe, still removed. 

To be clear, the first URL was the one that Apple's webpage for downloading the program directs to.  The second is what you get if you just enter the URL part before the question mark -- in other words, the additional info from question mark on is added by Microsoft store when you select that product when it loads the specific page. 

But you're right on one thing -- I did confuse the version number with the rating.

If you have anything constructive to offer, I'd appreciate it.  But not one of your posts was the least bit helpful.  BTW, I'm no novice on computers.  I was using them probably before you were born.

Bob

rwruggieri:

Trying to download iCloud for Windows 2.7.  From Microsoft Store.  Norton identifies it as a threat and removes it from the Downloads folder. 

Report a suspected incorrect detection to Norton
https://support.norton.com/sp/en/us/home/current/solutions/v126152382

Submit a file to Norton
https://support.norton.com/sp/en/us/home/current/solutions/kb20090602171902EN

Respond to incorrect Norton alerts that a file is infected or a program or website is suspicious
https://support.norton.com/sp/en/us/home/current/solutions/kb20100222230832EN


Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

For second opinion choose File &/or Search hash at VirusTotal 


as always, your mileage may vary
Caveat:  I've not installed/run iCloud Installer.exe

as test:  more test downloads from another profile appears to vary the checksum

File: iCloud Installer (1).exe
File size: 844 KB (863,776 bytes)
MD5 checksum: 161F6B5FB08C34A6A8A2ED5F7207DC75
SHA256 checksum: 96AAC8B925472880033FCAB5E0D3494DA82F9803F65BB274498CA01359570BC4
Date/Time: 5/23/2024


File: iCloud Installer (2).exe
File size: 844 KB (863,776 bytes)
MD5 checksum: 4680B3F1C7392B03F5393337F05134A7
SHA256 checksum: 0642BAFC16DE67F3499C3BE0DDE981579F1852EC6D71E491668C512B1EE8277F
Date/Time: 5/23/2024 


as test:  3 & 4 appear same checksum as 1 & 2

File: iCloud Installer (3).exe
File size: 844 KB (863,776 bytes)
MD5 checksum: 161F6B5FB08C34A6A8A2ED5F7207DC75
SHA256 checksum: 96AAC8B925472880033FCAB5E0D3494DA82F9803F65BB274498CA01359570BC4
Date/Time: 5/23/2024 


File: iCloud Installer (4).exe
File size: 844 KB (863,776 bytes)
MD5 checksum: 4680B3F1C7392B03F5393337F05134A7
SHA256 checksum: 0642BAFC16DE67F3499C3BE0DDE981579F1852EC6D71E491668C512B1EE8277F
Date/Time: 5/23/2024 

_____________________________________________

Norton reports all my test downloads as 22405.508.1.0 and Good

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

Good
Norton has given this file a good rating.
___________________________________________________________

Note: my test downloads were not known by VirusTotal.  I've uploaded files to VirusTotal. 

as always, your mileage may vary
Caveat:  I've not installed/run iCloud Installer.exe

as test:

Filename: iCloud Installer.exe
Full Path: C:\Users\bjm\Desktop\iCloud Installer.exe

Developers 
Microsoft Corporation

Version 
22405.508.1.0

Identified 
5/23/2024 

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week  ago.

Good
Norton has given this file a good rating.

Source File: 
iCloud Installer.exe

File Thumbprint - SHA:
bf4bde99252c82f2b0ed6efdeedc54db8155365f5531c4c8313d7d457a47ea94
File Thumbprint - MD5:
f36e0893fc4e3956fdf21a9cca9e2f40


File: iCloud Installer.exe
File size: 844 KB (863,776 bytes)
MD5 checksum: F36E0893FC4E3956FDF21A9CCA9E2F40
SHA256 checksum: BF4BDE99252C82F2B0ED6EFDEEDC54DB8155365F5531C4C8313D7D457A47EA94
Date/Time: 5/23/2024 


VirusTotal analysis
https://www.virustotal.com/gui/file-analysis/ZjM2ZTA4OT


as always, your mileage may vary
Caveat:  I've not installed/run iCloud Installer.exe

rwruggieri:
Trying to download iCloud for Windows 2.7.  From Microsoft Store.  
Apple sent me to this webpage https: //apps.microsoft. com/detail/9pktq5699m62?hl=en-US&gl=US. Post in Norton Community from February 2024 (when new version of iCloud was issued) sent me to this webpage https: //apps.microsoft. com/detail/9pktq5699m62?rtc=1&hl=en-us&gl=US.
 Neither works.

~ meaning, the URL addresses do not work? 

https://apps.microsoft.com/detail/9pktq5699m62?hl=en-US&gl=US.

~ 2.7 seems to refer to user Ratings and reviews - 4/11/2024
 


https://apps.microsoft.com/detail/9pktq5699m62?rtc=1&hl=en-us&gl=US.

~ 2.7 seems to refer to user Ratings and reviews - 5/21/2024



~ both addresses appear to call the same Additional information - Release date 2/1/2019



Note: URL address characters after the question mark are local info...may not be needed.
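
Added example, not part of any post in this thread: a PowerShell sketch of the comparison done by hand above, for several downloads of the same installer. It lists each file's size, hashes, Authenticode signer, and the zone and source URL that Windows stored with the download, then groups byte-identical copies. The folder and file-name pattern are assumptions; the thread does not say which of these values Norton's reputation rating relies on.

```powershell
# Added example: compare repeated downloads of the same installer.
# $Folder and $Pattern are assumptions; adjust them to your system.
$Folder  = "$env:USERPROFILE\Downloads"
$Pattern = 'iCloud Installer*.exe'

$report = foreach ($file in Get-ChildItem -LiteralPath $Folder -Filter $Pattern -File) {
    # Authenticode: validity of the embedded signature and who signed the file.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Mark of the Web: the Zone.Identifier alternate data stream that browsers
    # attach to downloads on NTFS (missing if never written or already removed).
    $motw = @{}
    $ads  = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^(ZoneId|HostUrl|ReferrerUrl)=(.*)$') {
            $motw[$Matches[1]] = $Matches[2]
        }
    }

    [pscustomobject]@{
        Name        = $file.Name
        Bytes       = $file.Length
        SHA256      = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        MD5         = (Get-FileHash -LiteralPath $file.FullName -Algorithm MD5).Hash
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        ZoneId      = $motw['ZoneId']
        HostUrl     = $motw['HostUrl']
        ReferrerUrl = $motw['ReferrerUrl']
    }
}

# Per-file details first.
$report | Format-List

# Then one line per distinct SHA256: hash, number of copies, file names.
$report | Group-Object SHA256 | ForEach-Object {
    '{0}  x{1}  {2}' -f $_.Name, $_.Count, ($_.Group.Name -join ', ')
}
```

Copies with the same size but different hashes, like the test downloads listed above, show up as separate groups, so a hash lookup made for one copy says nothing about another; the signer and signature status can still be compared across all of them.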