Anyone downloaded it lately? My Norton Antivirus is flagging it as having a "WS.Reputation.1" virus and deleting the install file.
Quote from: lamrith on August 02, 2017, 11:53:44 AM
Anyone downloaded it lately? My Norton Antivirus is flagging it as having a "WS.Reputation.1" virus and deleting the install file.
Downloaded yesterday and Defender says its clean.
WS.Reputation.1 is a generic detection. . it means Sonar / Download Insight was unable to verify the software publisher against its own knowledge base.
It means that it has not seen very many people with Norton or Symantec Endpoint Protection Download it and it is still unsure how to score it. IE bad or good. the more that people with Norton or Symantec Endpoint Protection download it and no negative effects are noted the reputation score goes up until it is trusted. (for that HASH).
if the package is small .. i'd disable Norton and then submit the file here for analysis .. : https://www.virustotal.com/ (https://www.virustotal.com/)
then see if any other major vendors (Kaspersky, Sophos, Trend) flag the file. if they dont it is likely fine.
hnmmm trend did not like it.
And it is suspiciously small ... caution is merited .. looking deeper ..
hmm downloaded it yesterday, firewall threw up no errors.
Let me know what you find Topher. I figured it should be fine with everyone using it, but weird it triggered my Antivirus.
Quote from: FiveLeeter918 on August 02, 2017, 12:23:14 PM
hmm downloaded it yesterday, firewall threw up no errors.
Fireweall wont, it would to trigger IPS or IDS for that to occur. The file-level AV and or reputation service would need to tigger on it.
I have it in queue for a manual review with an engineer .. wont hear back right away though.
the only reason i find it suspicious is the small application size for what it is supposed to do combined with a Trigger from Trend... had it be some crappy third party free AV like clam or AVG i'd be less suspicious ..
https://www.virustotal.com/en/file/2c8120849fa1c706aea244952241b43f8cceec5c6b12fedcb0b5404a0adca41e/analysis/ (https://www.virustotal.com/en/file/2c8120849fa1c706aea244952241b43f8cceec5c6b12fedcb0b5404a0adca41e/analysis/)
http://www.threatexpert.com/report.aspx?md5=e40b9287c051c67566b33aaff22a8bd2 (http://www.threatexpert.com/report.aspx?md5=e40b9287c051c67566b33aaff22a8bd2)
hmmm the installer behaves weird. But did not encrypt/lock my VMWARE test box.. we have two major vendors throwing flags on the field..
use at your own risk.