Text only | Text with Images

Ecoboost Performance Forum

Racing Department => Dyno Results => Topic started by: lamrith on August 02, 2017, 11:53:44 AM

Title: Virus warning trying to download Virtual Dyno
Post by: lamrith on August 02, 2017, 11:53:44 AM
Anyone downloaded it lately?  My Norton Antivirus is flagging it as having a "WS.Reputation.1" virus and deleting the install file.
Title: Re: Virus warning trying to download Virtual Dyno
Post by: FoMoCoSHO on August 02, 2017, 11:54:50 AM
Quote from: lamrith on August 02, 2017, 11:53:44 AM
Anyone downloaded it lately?  My Norton Antivirus is flagging it as having a "WS.Reputation.1" virus and deleting the install file.
Downloaded yesterday and Defender says its clean.
Title: Re: Virus warning trying to download Virtual Dyno
Post by: TopherSho on August 02, 2017, 12:06:15 PM
WS.Reputation.1 is a generic detection. . it means Sonar / Download Insight was unable to verify the software publisher against its own knowledge base.

It means that it has not seen very many people with Norton or Symantec Endpoint Protection Download it and it is still unsure how to score it.  IE bad or good.    the more that people with Norton or Symantec Endpoint Protection download it and no negative effects are noted the reputation score goes up until it is trusted. (for that HASH). 

if the package is small .. i'd disable Norton and then submit the file here for analysis .. : https://www.virustotal.com/ (https://www.virustotal.com/)

then see if any other major vendors (Kaspersky, Sophos, Trend) flag the file.   if they dont it is likely fine.

Title: Re: Virus warning trying to download Virtual Dyno
Post by: TopherSho on August 02, 2017, 12:12:50 PM
hnmmm trend did not like it.

And it is suspiciously small ... caution is merited ..  looking deeper ..
Title: Re: Virus warning trying to download Virtual Dyno
Post by: FiveLeeter918 on August 02, 2017, 12:23:14 PM
hmm downloaded it yesterday, firewall threw up no errors.
Title: Re: Virus warning trying to download Virtual Dyno
Post by: lamrith on August 02, 2017, 12:27:26 PM
Let me know what you find Topher.  I figured it should be fine with everyone using it, but weird it triggered my Antivirus.
Title: Re: Virus warning trying to download Virtual Dyno
Post by: TopherSho on August 02, 2017, 01:44:11 PM
Quote from: FiveLeeter918 on August 02, 2017, 12:23:14 PM
hmm downloaded it yesterday, firewall threw up no errors.

Fireweall wont, it would to trigger IPS or IDS for that to occur.  The file-level AV and or reputation service would need to tigger on it.   

I have it in queue for a manual review with an engineer .. wont hear back right away though. 

the only reason i find it suspicious is the small application size for what it is supposed to do combined with a Trigger from Trend... had it be some crappy third party free AV like clam or  AVG i'd be less suspicious ..
Title: Re: Virus warning trying to download Virtual Dyno
Post by: TopherSho on August 02, 2017, 01:59:36 PM
https://www.virustotal.com/en/file/2c8120849fa1c706aea244952241b43f8cceec5c6b12fedcb0b5404a0adca41e/analysis/ (https://www.virustotal.com/en/file/2c8120849fa1c706aea244952241b43f8cceec5c6b12fedcb0b5404a0adca41e/analysis/)

http://www.threatexpert.com/report.aspx?md5=e40b9287c051c67566b33aaff22a8bd2 (http://www.threatexpert.com/report.aspx?md5=e40b9287c051c67566b33aaff22a8bd2)


hmmm the installer behaves weird.  But did not encrypt/lock my VMWARE test box.. we have two major vendors throwing flags on the field..

use at your own risk.

Text only | Text with Images
EhPortal 1.39.5 © 2024, WebDev