1. Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by MatthewMacGregor Oct 13, 2014
- 1359 views
I just wanted to mention that the 3.1.1 installer from rapideuphoria.com has been flagged with the notoriously unhelpful WS.Reputation.1 by Symantec. This may not be a huge problem, since most new users should be opting to use 4.x now, but I thought it might be worth mentioning. My AV just removes the installer immediately with no input from me.
This is the link to the Virus Total report:
You can read Symantec's vague description of WS.Reputation.1 here:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99
I notice it's also flagged by NANO-Antivirus (Virus.Win9x.Gen-Crypt.ccnk), but I've never heard of that engine before.
I'm not sure if there's an action item here but it's probably not great to have the 3.1.1. installer throwing off virus smell (even if it's a legacy version). Domains get associated and the next thing you know Google starts pushing them down the search rankings as "suspicious". It's a great way to kill organic traffic so is probably worth fixing.
I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?
2. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by petelomax Oct 13, 2014
- 1334 views
I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?
I believe that pretty much the only option you have is to report this as a false positive to Symantec and NANO. Let us know how far you get.
Pete
PS good luck!
3. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by tbohon Oct 13, 2014
- 1336 views
The other evening Symantec went through my drive (while I was using it) and decided that over 50 programs - many of which I had written and compiled myself - contained this 'virus'. Sent Symantec a strongly worded note since the files weren't recoverable for whatever reason - of course I've heard nothing nor do I expect to ever hear anything about this error on their part.
I understand occasional false positives but to totally delete the files without providing me at least a chance to say "don't scan this folder in the future" is just rude IMO.
4. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by MatthewMacGregor Oct 13, 2014
- 1256 views
The other evening Symantec went through my drive (while I was using it) and decided that over 50 programs - many of which I had written and compiled myself - contained this 'virus'. Sent Symantec a strongly worded note since the files weren't recoverable for whatever reason - of course I've heard nothing nor do I expect to ever hear anything about this error on their part.
I understand occasional false positives but to totally delete the files without providing me at least a chance to say "don't scan this folder in the future" is just rude IMO.
Yes, unfortunately it's not uncommon with little-known executables. My PowerBasic exes (with debug symbols) are constantly flagged by all AV that I've tried. I also had trouble with Launch4J exes like this as well. It's very bad behavior, but that's because I'm sure the exe's are probably ok. If I weren't sure, I'd be glad for the automatic removal of "threats".
5. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by MatthewMacGregor Oct 13, 2014
- 1230 views
I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?
I believe that pretty much the only option you have is to report this as a false positive to Symantec and NANO. Let us know how far you get.
Pete
PS good luck!
We deal with AV flagging quite a bit at work, but it's not my jurisdiction so I'm not an expert. I'll see what I can figure out and ask one of the guys in that department for any tips. I'm pretty sure that Symantec moves at a snail's pace if you're not one of the big guys.
6. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by MatthewMacGregor Oct 13, 2014
- 1235 views
Okay, I've submitted a false positive with Symantec:
CONFIRMATION Your submission has been sent Mon Oct 13 19:31:49 PDT 2014. To make another submission, click here.
Sincerely,
Symantec Security Response
I also submitted the file as a false positive to NANO Antivirus, but the page literally asked me nothing more than "Upload Here" and no feedback upon success. I'm not terribly hopeful that we'll get that one cleared. Symantec is the big hitter anyway...
7. Re: Euphoria 3.1.1 Installer Flagged by Symantec
- Posted by MatthewMacGregor Oct 14, 2014
- 1251 views
Well, that was fast...
In relation to submission [3640667].
Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.
The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html
Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
If you are a software vendor, why not take part in our whitelisting program? To participate in this program, please complete the following form: https://submit.symantec.com/whitelist
Sincerely, Symantec Security Response http://securityresponse.symantec.com