Malware removed at boot by NIS 20.4.0.40?

Strange.

 

I booted up my computer today only to find a red flag warning by NIS -

8-6-2013 PM.jpg

 

Does anyone have any Idea what this means? I was doing alot of software installs and uninstalls yesterday, but NIS reported that the files in question were clean. Has anyone else received this? I deleted from Quarantine and all is well.

 

Thanks,

 

Flavio

 

Footnote: Also been receiving some WS.1 warnings from time to time on trusted programs, which I manually permitted.


intesec wrote:

Hi Flavio_C

The .ws refers to the reputation of the file...


What .ws are you referring to? 

 

Hello intersec and others,

 

I would appreciate more detail reagrding the posted graphic (above) which I received. There is not much information on it from Symantec. As for the occasional WS.1 files, I could understand what you are saying, but shouldn't NIS decide by truly looking at the actual file or files and see if there is an actual threat?

 

Otherwise, I might get lazy (though I cross-check with other tools) and permit a WS.1 to be restored and excluded from scans, which, I feel, presents a risk.

 

What does the abbreviation WS actually stand for anyway? Is there a list of WS "types" so I can study them?

 

Ciao!

 

Flavio :)

Strange.

 

I booted up my computer today only to find a red flag warning by NIS -

8-6-2013 PM.jpg

 

Does anyone have any Idea what this means? I was doing alot of software installs and uninstalls yesterday, but NIS reported that the files in question were clean. Has anyone else received this? I deleted from Quarantine and all is well.

 

Thanks,

 

Flavio

 

Footnote: Also been receiving some WS.1 warnings from time to time on trusted programs, which I manually permitted.

Hi SendOfJive

I’m not sure what you are asking as the thread starter mentions ws and the link below references it.

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/WS-Reputation-1-Reputation-Problem/m-p/960053#M238517

 

 

ATB

 

intesec

Hi Flavio_C

Most of the users on this forum that reply to posts are not Norton employee’s just volunteers with varying levels of knowledge.  The Norton employees who do post have their names in bold red and a Norton logo, one of these people may be able to answer your questions but I can’t.  Would you like to repost the image and leave the size to full size so that it is easier to see?

 

 

ATB

 

intesec


Flavio_C wrote:

I would appreciate more detail reagrding the posted graphic (above) which I received. There is not much information on it from Symantec. As for the occasional WS.1 files, I could understand what you are saying, but shouldn't NIS decide by truly looking at the actual file or files and see if there is an actual threat?


In order for Norton to know if a file is an actual threat, Symantec would need to have seen the file before.  So many malicious files today are unique (different, sometimes, even from one download to the next) that ways must be devised to try to identify possible risks in files that are completely new and unknown.  Suspicious.Cloud and WS detections are cloud-based detections of files that appear to be potentially malicious, although their exact natures are not yet known.  The detections are generic rather than specific, and, because of the uncertainty about newly discovered  files, there is always a possibility of false positives.  WS.Reputation.1 is a detection based on a number of factors that determine a file's reputation, but there are many other types of WS designations as well, listed here (you'll need to scroll about half way down the page):

 

http://www.symantec.com/security_response/landing/azlisting.jsp?azid=W

Hey SendOfJive,

 

Thank you for that link!

 

One more question. How can I find out in how many threats (in general) are out there worldwide on any given day?

Also, how many threats does actively NIS protect against (and how do I find that number)?

 

Grazie,
 
Flavio_C