Um, what does "exclude this risk from future scans" do?
and where is "the exclusions list (later from options)"?
msi download is detected as WS.Reputation.1 and removed.
msi file is not Quarantined.
Norton dialog suggests I may "Exclude the program".
Norton dialog suggests I may "exclude this risk from future scans". Confirm Exclusion does not exclude this msi file from future download scans.
Next download is detected as WS.Reputation.1 and removed.
I needed to turn Download Intelligence Off to get msi saved to desktop.
I needed to leave Download Intelligence Off to allow msi installer to run without detection.
Just adding the msi file (saved to desktop) to Exclusions > Item to Exclude from Scans & Items to Exclude from AutoProtect without Download Intelligence Off does not allow msi installer to run without detection.
Um, what does "exclude this risk from future scans" do? and where is "the exclusions list (later from options)"?
Maybe, Norton works with msi file different than PE files.
What does "exclude this risk from future scans" do? and where is "the exclusions list (later from options)"?
We have released Norton Security 22.19.9.63 product update for Windows fixing an issue where "Exclude this risk from future scans not working” via LiveUpdate. Please run LiveUpdate to receive an update and let us know the issue fix. Thanks for your patience.
[...]
Chat: We have checked with security team to identify file maximum size of scan and found the information are not publicized for security reason.
[...]
Chat: I am sorry, we have consulted your case with the security team and there is no file size limit.
[...]
Chat: Do not worry, I am going to mention each and every link and you would be getting answer of every query. Please wait for 48 hours.
[...]
[...]
Chat: I have checked the case details and the case is already escalated to senior team regarding file size limitation of Norton scan. I will be highlighting the case on the prior bases so that the issue will be resolved and you will be getting a call back from our concern team with in 24-48 hours for the same issue.
Chat: Please cooperate with us and we appreciate your cooperation.
[...]
Chat says >
quote:
There is no file size limitation for Norton actions.
The file size is only for our information. we don't have size criteria. If it is infected file, Norton will remove it.
:end quote
[....]
Chat: May I know what information do you need ?
User: Why some WS.Reputation.1 flags are removed and some are quarantined. I
User: I'd like to know file size limitation for Norton actions.
Chat: There is no file size limitation for Norton actions.
User: Okay, why are some WS.Reputation.1 detections removed and some are quarantined.
Chat: I will check with the backbend team and check with the given link.
Chat: And we will get back to you about the link .
[....]
Chat: I am sorry, There is not file size limitations for Norton actions .
User: Okay, why are some WS.Reputation.1 detections removed and some are quarantined.
Chat: I will escalate your case to back end team to check with the link.
User: Maybe, file type.
Chat: The back end team will check the link and get back after 24 hours.
[....]
black_z:
same sample?
No, clean, but self-written new execution file (.exe).
meaning ?
Filename: Xchomar-internetsecurity-online-setup-x64-x86-en.exe
Full Path: C:\Users\bjm\Desktop\chomar\Xchomar-internetsecurity-online-setup-x64-x86-en.exe
Developers
eBilge Teknoloji Sanayi ve Ticaret Anonim Sirketi
Version
0.0.0.0
Identified
8/6/2019 at 9:34:59 AM
Last Used
Not Available
Startup Item
No
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
Trusted
Norton has given this file a trusted rating.
https://www.chomar.com.tr/chomar-internetsecurity-online-setup-x64-x86-en.exe
Downloaded File Xchomar-internetsecurity-online-setup-x64-x86-en.exe from chomar.com.tr
Xchomar-internetsecurity-online-setup-x64-x86-en.exe
File Thumbprint - SHA:
acfe88bc94a22a3785ac97dc128fd5dec9415de441dde3217ebda0358529e0f7
File Thumbprint - MD5:
53e892889f7b1d760b8d1fff55e33488
Um, my Topic is regarding.
https://www.chomar.com.tr/chomar-internetsecurity-win8-win81-win10-x64-en.msi
Downloaded File chomar-internetsecurity-win8-win81-win10-x64-en.msi from chomar.com.tr
But there is interest thing - after bad file (excluded by id) re-downloading, in history written that access is allowed, but if run file - Ws.rep.1 and in history written - deleted. hah: then, in quarantine written - quarantined by user, manually placed (:D what?), severity: info.
So, "Confirm Exclusion" does not exclude, in practice?
of course. This is an old topic. Exceptions help from other technologies (SONAR, Heur, Signatures). Reputation (Insight) lives its own life. I checked it again on 22.17.3: download bad file (by Insight only) - Ws.Rep.1, exclude by id, download again - Ws.rep.1 again.
and where is "the exclusions list (later from options)"?
Norton dialog suggests I may "Exclude the program".
Norton dialog suggests I may "exclude this risk from future scans".
Confirm Exclusion does not exclude this msi file from future download scans.
and where is "the exclusions list (later from options)"?
===========================================
reports
reports
File: chomar-internetsecurity-win8-win81-win10-x64-en.msi