
Norton Security flagging AWB as suspicious
Open, Needs Triage · Public

Description

I recently downloaded AWB and Norton Security automatically quarantined it. The message said "there are many indications this file is suspicious". After talking to the Norton service centre, this seems to be a SONAR detection, but I have little more information from them. I've reported it as a false positive to Norton, but this seems to be a long-standing problem. See https://en.wikipedia.org/wiki/Wikipedia_talk:AutoWikiBrowser/Bugs#Incompatibility_with_Norton_Internet_Security where others say they have also reported false positives.

Event Timeline

Restricted Application added a subscriber: Aklapper. · Dec 12 2016, 7:34 PM
Reedy added a subscriber: Reedy. · Dec 12 2016, 7:41 PM

I've reported it to them before, but never got any response.

Their detection just seems flawed. I don't think update rate makes any difference.

Personally, I would suggest to not use software with such crappy support, and detection...

Never mind that they won't tell us why it's being (repeatedly) flagged... Other than it's maybe not widely used, but that's no reason to just blacklist the software.

It may help if T105972 request for digital signature was resolved.

Reedy added a comment. · Dec 12 2016, 8:03 PM

It may help if T105972 request for digital signature was resolved.

It may, but they're not free. But have Norton said this is (one of) the problem(s)?

No, but I have a tracking number (12200) and will follow it up in a couple of days if they don't reply.

I have the following reply from Symantec:

In relation to submission 12200.

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Please note that whitelisting can take up to 24 hours to take effect.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor and would like to upload your software for proactive whitelisting, please complete the following form: https://submit.symantec.com/whitelist

For more information on best practices to reduce false positives:
http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf

Sincerely,
Symantec Security Response
http://securityresponse.symantec.com

I guess if it happens again then quoting them that tracking number should smooth the process of getting back on the whitelist.

...and for new versions, why not use their proactive whitelisting service? It does not appear to cost anything.

...and for new versions, why not use their proactive whitelisting service? It does not appear to cost anything.

But it's extra effort for someone, and whether it always gets remembered to be done...

It'd be easier if they had a way of creating a login, so you don't have to fill in most of the details, but can just upload the file(s).

Josve05a moved this task from Other stuff to Bugs on the AutoWikiBrowser board. · Jul 1 2017, 10:18 AM