I recently downloaded AWB and Norton Security automatically quarantined it. The message said "there are many indications this file is suspicious". After talking to Norton service centre this seems to be a SONAR detection but I have little more information from them. I've reported it as a false positive to Norton, but this seems to be a long standing problem. See https://en.wikipedia.org/wiki/Wikipedia_talk:AutoWikiBrowser/Bugs#Incompatibility_with_Norton_Internet_Security where others say they have also reported false positives
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | BUG REPORT | None | T152997 Norton Security flagging AWB as suspicious | ||
Open | Feature | None | T105972 Digitally sign AWB |
Event Timeline
I've reported it to them before, but never got any response
Their detection just seems flawed. I don't think update rate makes any difference.
Personally, I would suggest to not use software with such crappy support, and detection...
Nevermind that they won't tell us why it's being (repeatedly) flagged... Other than its maybe not widely used, but that's no reason to just blacklist the software
No, but I have a tracking number (12200) and will follow it up in a couple of days if they don't reply
I have the following reply from Symantec
In relation to submission 12200.
Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.
The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html
Please note that whitelisting can take up to 24 hours to take effect.
Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
If you are a software vendor and would like to upload your software for proactive whitelisting, please complete the following form: https://submit.symantec.com/whitelist
For more information on best practices to reduce false positives:
http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf
Sincerely,
Symantec Security Response
http://securityresponse.symantec.com
I guess if it happens again then quoting them that tracking number should smooth the process of getting back on the whitelist
...and for new versions, why not use their proactive whitelisting service? It does not appear to cost anything.
But it's extra effort for someone, and whether it always gets remembered to be done...
It'd be easier if they had a way of creating a login, so you don't have to fill in most of the details, but can just upload the file(s)