Page MenuHomePhabricator
Create Task
Maniphest T152997

Norton Security flagging AWB as suspicious
Open, Needs TriagePublicBUG REPORT
Actions

Description

I recently downloaded AWB and Norton Security automatically quarantined it. The message said "there are many indications this file is suspicious". After talking to Norton service centre this seems to be a SONAR detection but I have little more information from them. I've reported it as a false positive to Norton, but this seems to be a long standing problem. See https://en.wikipedia.org/wiki/Wikipedia_talk:AutoWikiBrowser/Bugs#Incompatibility_with_Norton_Internet_Security where others say they have also reported false positives

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenBUG REPORTNoneT152997 Norton Security flagging AWB as suspicious
 OpenFeatureNoneT105972 Digitally sign AWB

Event Timeline

Spinningspark created this task.Dec 12 2016, 7:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 12 2016, 7:34 PM
Reedy subscribed.Dec 12 2016, 7:41 PM

I've reported it to them before, but never got any response

Their detection just seems flawed. I don't think update rate makes any difference.

Personally, I would suggest to not use software with such crappy support, and detection...

Nevermind that they won't tell us why it's being (repeatedly) flagged... Other than its maybe not widely used, but that's no reason to just blacklist the software

Spinningspark added a comment.Dec 12 2016, 7:50 PM

It may help if T105972 request for digital signature was resolved.

Reedy added a comment.Dec 12 2016, 8:03 PM
In T152997#2865998, @Spinningspark wrote:

It may help if T105972 request for digital signature was resolved.

It may, but they're not free. But have Norton said this is (one of) the problem(s)?

Spinningspark added a comment.Dec 12 2016, 8:51 PM

No, but I have a tracking number (12200) and will follow it up in a couple of days if they don't reply

BethNaught subscribed.Dec 12 2016, 10:42 PM
Spinningspark added a comment.Dec 17 2016, 12:38 AM

I have the following reply from Symantec

In relation to submission 12200.

Upon further analysis and investigation we have verified your submission and as such this detection will be removed from our products.

The updated detection will be distributed in the next set of virus definitions, available via LiveUpdate or from our website at http://securityresponse.symantec.com/avcenter/defs.download.html

Please note that whitelisting can take up to 24 hours to take effect.

Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.

If you are a software vendor and would like to upload your software for proactive whitelisting, please complete the following form: https://submit.symantec.com/whitelist

For more information on best practices to reduce false positives:
http://www.symantec.com/content/en/us/enterprise/white_papers/b-to_increase_downloads-instill_trust_first_WP.en-us.pdf

Sincerely,
Symantec Security Response
http://securityresponse.symantec.com

Spinningspark added a comment.Dec 17 2016, 12:43 AM

I guess if it happens again then quoting them that tracking number should smooth the process of getting back on the whitelist

Spinningspark added a comment.Dec 17 2016, 12:48 AM

...and for new versions, why not use their proactive whitelisting service? It does not appear to cost anything.

Reedy added a comment.Dec 17 2016, 12:51 AM
In T152997#2882917, @Spinningspark wrote:

...and for new versions, why not use their proactive whitelisting service? It does not appear to cost anything.

But it's extra effort for someone, and whether it always gets remembered to be done...

It'd be easier if they had a way of creating a login, so you don't have to fill in most of the details, but can just upload the file(s)

Reguyla moved this task from Backlog to Threading, background and automation on the AutoWikiBrowser board.Feb 7 2017, 12:24 AM
Josve05a added a subtask: T105972: Digitally sign AWB.Jul 1 2017, 9:50 AM
Josve05a moved this task from Threading, background and automation to Other stuff on the AutoWikiBrowser board.
Josve05a added a project: Essential-Work.Jul 1 2017, 10:02 AM
Josve05a moved this task from Other stuff to Bugs on the AutoWikiBrowser board.Jul 1 2017, 10:18 AM
Liuxinyu970226 subscribed.Nov 13 2017, 5:06 AM
Aklapper changed the subtype of this task from "Task" to "Bug Report".Nov 22 2022, 5:19 PM
Reedy removed a project: Essential-Work.Mar 13 2024, 6:57 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL