I create a new thread because I don't see an existing one concenrning this. I think it is very important.
Ever since I have upgraded my versions of Norton 2010 to 17.5 I noticed that Download Insight no longer reports yellow pop-up to files with Unproven , Untrusted or Poor reputation . This used to be with previous builds (17.0 , 17.1 ...) . Instead of reporting yellow and giving the user the option to decide , it automatically scans and deletes the file - all such files are marked red and deleted Reser.Reputation.1
Although this might be helpful in most cases , this way of working is prone to False Positive Alerts.
One just creates a harmless self-extracting archive and make this SFX into exe . This sfx exe contains a PDF file (harmless one) and it is marked automatically as a threat Reser.Reputation.1
You could try it with random unknown exe with Unproven or ... reputation
I create a new thread because I don't see an existing one concenrning this. I think it is very important.
Ever since I have upgraded my versions of Norton 2010 to 17.5 I noticed that Download Insight no longer reports yellow pop-up to files with Unproven , Untrusted or Poor reputation . This used to be with previous builds (17.0 , 17.1 ...) . Instead of reporting yellow and giving the user the option to decide , it automatically scans and deletes the file - all such files are marked red and deleted Reser.Reputation.1
Although this might be helpful in most cases , this way of working is prone to False Positive Alerts.
One just creates a harmless self-extracting archive and make this SFX into exe . This sfx exe contains a PDF file (harmless one) and it is marked automatically as a threat Reser.Reputation.1
You could try it with random unknown exe with Unproven or ... reputation
I can create an executable zip file containing a pdf and I have no issue.In your case what action are you performing when you have created the exe?
After you create this , upload it somewhere and then download it with your browser (IE or Firefox) . This way Download Insight will analyse it and produce a false positive alarm of a threat .
Thy this - it contains just a PDF - a magazine - harmless PDF into sfx exe
This file particularly might not be clean but you can test with any other file . I supposed you can create your own exe (example a self-extract one from an archive and fill it with harmless files) , then upload that exe somewhere and attemp to download it.
Check out the result. Obviously there is something wrong with this. Note that it was not like that a few days ago
This file particularly might not be clean but you can test with any other file . I supposed you can create your own exe (example a self-extract one from an archive and fill it with harmless files) , then upload that exe somewhere and attemp to download it.
Check out the result. Obviously there is something wrong with this. Note that it was not like that a few days ago
I have been able to reproduce the issue you raise. I used winzip 14 to build a zip file (it is necessary to use legacy compression) and then to convert to winzip executable. I uploaded the exe to my own website (using Cuteftp) and downloaded using http.
The downloaded file is picked up by Norton's and removed in quarantine. The desciption is Reser.Reputation.1
I will try to get a SYmantec employee to look at this and response.
I can confirm this as stated by the OP. Create a sfx file and then download via http and Download Insight graps the file first and then when restored from Quarantine, SONAR2 grabs it also.
Two Files false positive Detection , Reser.Reputation.1
[edit: removed direct link to executable files per the Participation Guidelines and Terms of Service. Please refrain from linking directly to these types of files]
Two Files false positive Detection , Reser.Reputation.1
This is not just a false positive on the definitions that can be submitted and fixed with a Live Update (Iron revocation). This is FP based on the technology false positives . Download Insight marks ALL such files as Reser.Reputation.1 and the problem is that they get deleted automatically just because of the reputation. This is it ---
I'm also getting this behaviour with Spinrite.exe from GRC.com and I'm sure that Steve Gibson would not be hosting a virus on his site with his reputation for security.
This is good news. I was affected by this problem as well and can confirm that the update seems to have fixed the problem.
I think Symantec is doing a very good job and find this forum really helpful. Many other antivirus developers got a lot to learn from Symantec with regards to the support, listening to the customers and fixing bugs. The previous two antivirus software i been using the support was horrible and fixing bugs took ages if ever fixed at all. So i hope Symantec keep up the good work. I also have to add that the Norton Antivirus product since version 2009 is a huge improvment compared to the previous releases.
On 2 pc set with NIS 2010 17.5.0.127 with the latest updates: Download UltraISO PC1(XP pro SP2) : no detection Reser Reputation 1 PC2 (Windows 7 Ultimate) : detection Reser Reputation 1 and deleted file.
Details: the downloaded file on PC1, I analyzed manually on PC2 and Norton does not detect Reser Reputation 1.