Upcoming Games

STARTED Leeds 2018 Yesterday at 17:15 UTC Guts
Swindon & Western Signalling Operations - November 2018 Tomorrow at 17:30 UTC Jr_Vandalas

(UTC times)

Full list
Add a game

Forum

At what point does it become too... Today at 03:43 - Jriver
Is it possible to delete trains? Yesterday at 21:45 - BJTaylor
York South Outer Yesterday at 21:04 - HST125Scorton
Signal number plan Yesterday at 20:40 - Steamer
Gatwick Yesterday at 18:03 - DaveHarries
Any L.M.R. signaller jobs going? Yesterday at 13:10 - zacpartridge
North Wales Coast Yesterday at 04:37 - JamesN
RTC from CS 21/04/2024 at 18:49 - Phil-jmw
Signal VC710 20/04/2024 at 14:23 - Trainman525
recursive bug report 19/04/2024 at 23:00 - Hap
Internal Error: Exception in Tim... 19/04/2024 at 17:48 - GeoffM
Kings Cross - Newcastle Host on ... 18/04/2024 at 13:53 - Guts
AHB Fail At Crannaford AHB - Tra... 18/04/2024 at 09:23 - bill_gensheet
Crewe PSB SO 20-01-2024 17/04/2024 at 10:43 - HST125Scorton
Cornwall shunt between Par Up Si... 16/04/2024 at 23:49 - rfw

Index
Latest posts

User

Log in
Register
What's my IP?
Search

Upcoming Events

No events to display

Who's Online

geswedey, Cheapside, Stephen Fulcher, Lawson, JamesN (5 users seen recently)

WS.Reputation.1

You are here: Home > Forum > Simulations > Released > Brighton > WS.Reputation.1

Page 1 of 1

1

Swipe the screen to the left to view more details

WS.Reputation.1 20/08/2013 at 11:38 #48631
sorabain 72 posts	Just in case noone is informed of the comments on the brighton download page I had some issues today with Norton Antivirus 2011 putting the download into quarantine for reason "WS.Reputation.1". It looks like more than one other user has hit similar problems but couldn't find it mentioned on the forum. Judging from http://community.norton.com/t5/Norton-Internet-Security-Norton/Clarification-on-WS-Reputation-1-detection/td-p/232155 "WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories." I've submitted a false-positive report to https://submit.symantec.com/false_positive/ but might be more likely to be effective if the writer did the same, so they could say it's their own software and give more details on how it was built and otherwise deal with any queries from symantec if necessary. At one point in the report they ask for a copy/paste of the "File Insight" WS.Reputation.1 report. Here's a C&P of mine if you don't have access to this particular AV software yourself: --- snip Full Path: c:\users\sorabain\downloads\brighton1_2b3a (1).exe ____________________________ ____________________________ On computers as of: 20/08/2013 at 12:17:34 Last Used: 20/08/2013 at 12:19:34 Startup Item: No Launched: No ____________________________ ____________________________ Few Users Fewer than 100 users in the Norton Community have used this file. ____________________________ Medium This file risk is medium. ____________________________ Threat Details Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe ____________________________ Origin Downloaded from http://www.SimSig.co.uk/index.php?option=com_remository&Itemid=254&func=download&id=585&chk=6d1c220f8a902c5860d5cd8a0faa858d&no_html=1 http://www.SimSig.co.uk/index.php?option=com_remository&Itemid=254&func=download&id=585&chk=6d1c220f8a902c5860d5cd8a0faa858d&no_html=1 Downloaded File "brighton1_2b3a (1).exe" (WS.Reputation.1) from: SimSig.co.uk brighton1_2b3a (1).exe ____________________________ File Actions File: c:\users\sorabain\downloads\brighton1_2b3a (1).exe Removed ____________________________ File Thumbprint - SHA: fb91e1f574881bc6993d27b6765c1a1f2aba04d98022682c2c6398c1707f9854 ____________________________ File Thumbprint - MD5: 870a4b83ae4db3ad27d44c6f23a81332 ____________________________ --- snip Log in to reply

WS.Reputation.1 20/08/2013 at 14:04 #48642
sorabain 72 posts	got an unexpectedly quick response from Symantec: --- In relation to submission [3290807]. Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products. The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape. If you are a software vendor, why not take part in our whitelisting program? To participate in this program, please complete the following form: https://submit.symantec.com/whitelist Sincerely, Symantec Security Response http://securityresponse.symantec.com Log in to reply

WS.Reputation.1 20/08/2013 at 14:04 #48643
alvinhochun 249 posts	Previously someone updated and recompiled a company-specific program, and then on client's machines they get WS.Reputation from their Norton Antivirus and the program is blocked until whitelisted, which is, well, pretty stupid. I had a small Google search, it seems that Norton is marking files that is "not well-known to Norton's database" as "dangerous" (or equivalent) and treat them the same way as virus. I personally think that this is really stupid and my recommendation is to not use Norton Antivirus. Actually to me, Norton always had a bad reputation. Seriously, I think Microsoft Security Essentials (or Windows Defender on Windows 8) is already enough as an antivirus. If you want to pay for antivirus, I really wouldn't recommend Norton. _ _ _ _，_ _ _ _！ (censored by the Hong Kong national security law) Log in to reply

WS.Reputation.1 20/08/2013 at 14:08 #48645
sorabain 72 posts	I agree that finding antivirus software often feels like finding the "least worst" option that doesn't ruin your workflow. In this case I think it's good that there's some diversity amongst the users of SimSig so that technical people can detect and hopefully resolve these problems that might afflict innocent users. Log in to reply

WS.Reputation.1 20/08/2013 at 14:39 #48650
GeoffM 6282 posts	Thanks for this and the replies. To address a couple of Norton's points: "There are many indications that this file is untrustworthy" (Addressing Norton here, not the OP) It would be useful to know what those indications are. Is it the fact it was downloaded off the Internet? An exe and not "hidden" in a zip? Or is it more sophisticated and starts searching within the code - eg for outbound sockets? " If you are a software vendor, why not take part in our whitelisting program?" Theoretically that could mean submitting each program I release to half a dozen or more AVs - probably much more. Obviously one needs a good antivirus but one which overreacts is almost as worthless as not having one at all. AVG was starting to get that way, screaming that my system was in imminent danger of nasty things happening because I hadn't got the latest and greatest Flash player within hours of it being released. Probably a poor example as Flash is supposedly rather holey. (Incidentally I did try uninstalling but it seems too many websites still use it). SimSig Boss Log in to reply

1