1. Euphoria 3.1.1 Installer Flagged by Symantec

I just wanted to mention that the 3.1.1 installer from rapideuphoria.com has been flagged with the notoriously unhelpful WS.Reputation.1 by Symantec. This may not be a huge problem, since most new users should be opting to use 4.x now, but I thought it might be worth mentioning. My AV just removes the installer immediately with no input from me.

This is the link to the Virus Total report:

https://www.virustotal.com/en/file/32bab6f7c58cd60be1b4bf57f6baaaf42cd4729e53f2c28dab5fe1b076ff1e46/analysis/

You can read Symantec's vague description of WS.Reputation.1 here:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-051308-1854-99

I notice it's also flagged by NANO-Antivirus (Virus.Win9x.Gen-Crypt.ccnk), but I've never heard of that engine before.

I'm not sure if there's an action item here but it's probably not great to have the 3.1.1. installer throwing off virus smell (even if it's a legacy version). Domains get associated and the next thing you know Google starts pushing them down the search rankings as "suspicious". It's a great way to kill organic traffic so is probably worth fixing.

I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?

new topic     » topic index » view message » categorize

2. Re: Euphoria 3.1.1 Installer Flagged by Symantec

MatthewMacGregor said...

I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?

I believe that pretty much the only option you have is to report this as a false positive to Symantec and NANO. Let us know how far you get.

Pete
PS good luck!

new topic     » goto parent     » topic index » view message » categorize

3. Re: Euphoria 3.1.1 Installer Flagged by Symantec

The other evening Symantec went through my drive (while I was using it) and decided that over 50 programs - many of which I had written and compiled myself - contained this 'virus'. Sent Symantec a strongly worded note since the files weren't recoverable for whatever reason - of course I've heard nothing nor do I expect to ever hear anything about this error on their part.

I understand occasional false positives but to totally delete the files without providing me at least a chance to say "don't scan this folder in the future" is just rude IMO.

new topic     » goto parent     » topic index » view message » categorize

4. Re: Euphoria 3.1.1 Installer Flagged by Symantec

tbohon said...

The other evening Symantec went through my drive (while I was using it) and decided that over 50 programs - many of which I had written and compiled myself - contained this 'virus'. Sent Symantec a strongly worded note since the files weren't recoverable for whatever reason - of course I've heard nothing nor do I expect to ever hear anything about this error on their part.

I understand occasional false positives but to totally delete the files without providing me at least a chance to say "don't scan this folder in the future" is just rude IMO.

Yes, unfortunately it's not uncommon with little-known executables. My PowerBasic exes (with debug symbols) are constantly flagged by all AV that I've tried. I also had trouble with Launch4J exes like this as well. It's very bad behavior, but that's because I'm sure the exe's are probably ok. If I weren't sure, I'd be glad for the automatic removal of "threats".

new topic     » goto parent     » topic index » view message » categorize

5. Re: Euphoria 3.1.1 Installer Flagged by Symantec

petelomax said...
MatthewMacGregor said...

I think there are steps to clear these reputation flags with Symantec? Do you guys already have experience with this or should I do some research?

I believe that pretty much the only option you have is to report this as a false positive to Symantec and NANO. Let us know how far you get.

Pete
PS good luck!

We deal with AV flagging quite a bit at work, but it's not my jurisdiction so I'm not an expert. I'll see what I can figure out and ask one of the guys in that department for any tips. I'm pretty sure that Symantec moves at a snail's pace if you're not one of the big guys.

new topic     » goto parent     » topic index » view message » categorize

6. Re: Euphoria 3.1.1 Installer Flagged by Symantec

Okay, I've submitted a false positive with Symantec:

Symantec said...

CONFIRMATION Your submission has been sent Mon Oct 13 19:31:49 PDT 2014. To make another submission, click here.

Sincerely,

Symantec Security Response

I also submitted the file as a false positive to NANO Antivirus, but the page literally asked me nothing more than "Upload Here" and no feedback upon success. I'm not terribly hopeful that we'll get that one cleared. Symantec is the big hitter anyway...

new topic     » goto parent     » topic index » view message » categorize

7. Re: Euphoria 3.1.1 Installer Flagged by Symantec

Well, that was fast...

symantec said...

In relation to submission [3640667].

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor, why not take part in our whitelisting program? To participate in this program, please complete the following form: https://submit.symantec.com/whitelist

Sincerely, Symantec Security Response http://securityresponse.symantec.com

new topic     » goto parent     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu