Norton antivirus quarantined exe and dll files

I am trying to download and play custom tomb raider game levels on the tomb raider level editor website trle.net but on some of the game level downloads the exe files and some dll files are being quarantined by Norton, a lot of people on the trle forum pages state the exe files are being quarantined not just by Norton but other antivirus programmes because they are modified flep exe files and it is a false positive.As for the dll files being quarantined by Norton it states they are treat name ws.reputation.1 and fewer than 100 people in the Norton community has used them. Could anyone advise.

Permalink
bjm_:

Well, I'm not concerned about WS.Reputation.1 detection reported with this .dll file [here].  

 

Thanks again 

Stephen White 1900:

Thanks again for going to all this trouble, I knew about excluding the flep exe files, Still didn’t want to risk harming my computer. I was more concerned about the dll files 

Well, I'm not concerned about WS.Reputation.1 detection reported with this .dll file [here].  

If you have concerns about a specific installer or a specific file.  
Please:
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

Please:
I'd urge user to submit suspect file/s to NortonLifeLock.
I'd urge user to seek second opinion for suspect file/s. 

Thanks again for posting your concerns.  Was good Norton exercise, for me.  
One of my reasons for Norton.... is that I like the way Norton reports event details. 

Regards w Respect

Thanks again for going to all this trouble, I knew about excluding the flep exe files, Still didn’t want to risk harming my computer. I was more concerned about the dll files 

bjm_:
Permalink

and now....my side
 

bjm_:

The rating for this tomb4.exe has not changed, at this time....my side. 
File: tomb4.exe 
File size: 1.77 MB (1,851,392 bytes)
MD5 checksum: 1D97D0BDE7A64CB81DEB31F547B471A1
SHA256 checksum: 4AC9D22DC556E4D485C8A1E46FD556311605D4D4AB414A24ED7CA19211FB811A
https://community.norton.com/en/comment/8501976#comment-8501976

now, at this time....my side.

 

bjm_:

FWIW ~ adding re: Permalink

Filename: tomb4.exe
Threat name: Trojan.Gen.2
Filename: tomb4.exe
Threat name: Heur.AdvML.C

Malwarebytes static scan:
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38349

File: 1
Malware.AI.1254230990, C:\USERS\BJM\DESKTOP\QUEBEC\TOMB4.EXE, No Action By User, 1000000, 0, 1.0.38349, BF188565D96FB6744AC20BCE, dds, 01163114, 1D97D0BDE7A64CB81DEB31F547B471A1, 4AC9D22DC556E4D485C8A1E46FD556311605D4D4AB414A24ED7CA19211FB811A


I've submitted File: 1 report...requesting Malware.AI detection confirmation thru Malwarebytes Forums.  

https://forums.malwarebytes.com/topic/271918-malwareai1254230990/ 

Stephen White 1900:

Ok, thanks for all the effort you’ve gone to to help me but after giving it a lot of thought I’m not going to download these games so we’ll call it done. Thanks again.

Thank you for posting your concerns. 
Sorry, I was not FLEP aware.  

Note on false positives! Due to the game using special FLEP-exclusive features the modified tomb4.exe executable might be considered DANGEROUS by some antiviruses. This is a FALSE POSITIVE which happens because the executable has been modified by a program called FLEP. The game is virus-free. If your antivirus insists on deleting the tomb4.exe file, you might want to add tomb4.exe to exceptions list in your antivirus program.

http://www.trle.net/sc/levelfeatures.php?lid=2798 

https://www.tombraiderforums.com/showthread.php?t=200932


 @Stephen White 1900
Seems, as you know, files modified by FLEP will likely continue to cause Norton to object.  Seems, Norton users need to exclude every new tomb4.exe, because Norton treats each new tomb4.exe as a new separate threat.
Stephen White 1900 has disabled private message receiving.

Ok, thanks for all the effort you’ve gone to to help me but after giving it a lot of thought I’m not going to download these games so we’ll call it done. Thanks again.

Stephen White 1900:

Does this mean tomb4.exe is now considered safe? Is there an outcome on the dll files?

tomb4.exe is a file name.  tomb4.exe file name is not unique to only one file. 
That's why I'll ask:
Please tell us what Norton is telling you regarding this event.
For information regarding this event > from Norton pop-up > View Details > Copy to Clipboard &or from Norton history > More Options > Copy to Clipboard > paste here.

That's why I'll urge: 
I'd urge user to submit suspect file/s to NortonLifeLock.
I'd urge user to seek second opinion for suspect file/s. 


The rating for this tomb4.exe changed, at this time....my side. 
File: tomb4.exe
File size: 1.25 MB (1,314,816 bytes)
MD5 checksum: B0B2317738D29B0A207F603872D53DE7
SHA256 checksum: 9BB93433C7F341D0BF2DCE7BEF8F9238B610BABAB2721D15B7AC36FF5A199724
https://community.norton.com/en/comment/8501959#comment-8501959 


The rating for this tomb4.exe has not changed, at this time....my side. 
File: tomb4.exe 
File size: 1.77 MB (1,851,392 bytes)
MD5 checksum: 1D97D0BDE7A64CB81DEB31F547B471A1
SHA256 checksum: 4AC9D22DC556E4D485C8A1E46FD556311605D4D4AB414A24ED7CA19211FB811A
https://community.norton.com/en/comment/8501976#comment-8501976

 

Does this mean tomb4.exe is now considered safe? Is there an outcome on the dll files?

Permalink

 

Ok thanks again for doing all this.

Stephen White 1900:

Does this mean the files are what Norton says they are?

Norton Submissions may take up to 48 hours.  
I've not heard back from my Norton submission.

I run Norton.  I'm not Norton. 
I'd urge user to submit suspect file/s to NortonLifeLock.
I'd urge user to seek second opinion for suspect file/s. 


I've not heard back from my Malwarebytes request.

Does this mean the files are what Norton says they are?

FWIW ~ adding re: Permalink

Filename: tomb4.exe
There are many indications that this file is untrustworthy.

Malwarebytes static scan:
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38349
Objects Scanned: 1
Threats Detected: 0

FWIW ~ adding re: Permalink

Filename: tomb4.exe
Threat name: Trojan.Gen.2
Filename: tomb4.exe
Threat name: Heur.AdvML.C

Malwarebytes static scan:
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.38349

File: 1
Malware.AI.1254230990, C:\USERS\BJM\DESKTOP\QUEBEC\TOMB4.EXE, No Action By User, 1000000, 0, 1.0.38349, BF188565D96FB6744AC20BCE, dds, 01163114, 1D97D0BDE7A64CB81DEB31F547B471A1, 4AC9D22DC556E4D485C8A1E46FD556311605D4D4AB414A24ED7CA19211FB811A


I've submitted File: 1 report...requesting Malware.AI detection confirmation thru Malwarebytes Forums.  

Stephen White 1900:

1) Thanks for all you’ve done to try and sort this out, how do you submit as a false positive?
2) Judging by what you’ve seen do you think these trle.net games are ok to be downloaded and played like a lot of people are doing on there?
3) I don’t know much about computers and this stuff i just want to play some of these games.

1) Report a suspected incorrect detection to NortonLifeLock
https://support.norton.com/sp/en/us/home/current/solutions/v126152382

2) Submissions may take up to 48 hours.  I'm not a gamer.  I'm not familiar. Sorry, I've not followed:

http://trle.net/ 
http://forum.trle.net/

3) I hear ya'. 

Thanks for all you’ve done to try and sort this out, how do you submit as a false positive? Judging by what you’ve seen do you think these trle.net games are ok to be downloaded and played like a lot of people are doing on there? I don’t know much about computers and this stuff i just want to play some of these games.