• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

I just downloaded Win10 drivers for my soundcard (ASUS Xonar STX).  During the install Norton deleted one of the files (cmudaxp64.sys) as unsafe.  I can't get any more information about the file from the Norton app.

The top page of google hits about this file is all "fix your windows computer" sites, many of which have been flagged by Norton as unsafe.

I'm not sure how essential this file is for my driver.  It came from the ASUS drivers download site.  How should I investigate further about whether ASUS is distribuing malware in their drivers or find out if this could be a false positive that Norton is flagging?  Is there a way to find out from Norton more details about why the file is getting cleansed?

-s

Replies

Kudos1 Stats

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Look in Security History > Resolved and Unresolved and Quarantine

Kudos1 Stats

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Often Norton will flag a downloaded file as suspicious if it's a new file. Often had the same 'problem' myself when downloading driver/program updates.

Usually looking under history will show more information.

Virginia/Twilight Princess. Windows 10 Pro 64bit, iPhone X, iPad Pro 9.7".
Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Thanks, it says cmudaxp64.sys has a BAD reputation (red x) and contained WS.Reputation.1

I've seen that name before (WS Reputation) but don't remember any details about it.   Anyone know if it is known malware or perhaps something more benign like a corporate data collector or something?

-s

Kudos1 Stats

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Symantec WS.Reputation.1
http://www.symantec.com/security_response/writeup

Clarification on WS.Reputation.1 detection
https://community.norton.com/forums/clarification-wsreputation1-detection

When File Insight notes Few Users n'/or Very New the item may be flagged WS.Reputation.1

User may opt "Trust Now" for reputation that user know and trust as safe. 

For second opinion choose File and / or Search hash at VirusTotal and/or submit to Symantec for review analysis > see > How to report false positives

Norton | Learn How Norton Goes Beyond Antivirus
Reputation analysis means even tighter security for your computer.

Kudos1 Stats

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

WS.Reputation.1, denotes a file that could be malicious, but is not actually known to be malware - it is based on similarities to known polymorphic viruses, but is not a conclusive indicator that the file is a threat.  If you need this driver, and feel it is safe, you can download it by temporarily turning off Download Intelligence:

https://support.norton.com/sp/en/us/norton-security/current/solutions/kb...

Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

SendOfJive:

WS.Reputation.1, denotes a file that could be malicious, but is not actually known to be malware

Wow, that's quite impressively counter-intuitive and cryptic.

Norton should probably fix that messaging so as to become more clear to people who are not familiar with their source code ;)

-s

Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Hello

You can submit the file to Virus Total  for another opinion. You can also submit the file as a false positive and have it checked again. You can also notify Asus that they should whitelist the company so that the files don't get marked with W1. Asus can submit the files to Norton before they are released and the data can be changed if needed.

Thanks.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.17.3.50 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

MisterSpiff: SendOfJive: WS.Reputation.1, denotes a file that could be malicious, but is not actually known to be malware.  Wow, that's quite impressively counter-intuitive and cryptic.  Norton should probably fix that messaging so as to become more clear to people who are not familiar with their source code ;)

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. 

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

https://community.norton.com/forums/clarification-wsreputation1-detection


Norton | Learn How Norton Goes Beyond Antivirus
Reputation analysis means even tighter security for your computer.

FWIW ~ for WS.Reputation.1 flags..... I'll second opinion, restore from quarantine, submit to Symantec and/or thru NCW and ignore WS.
At some point for me "the wisdom of crowds" (waiting for crowds approval for programs I know and trust as safe) becomes "the boy who cried wolf"....IMO

Kudos1 Stats

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

MisterSpiff:
SendOfJive:

WS.Reputation.1, denotes a file that could be malicious, but is not actually known to be malware

Wow, that's quite impressively counter-intuitive and cryptic.

Not at all.  It is a proactive measure against NEW threats that have never been seen in the wild (which is almost every threat these days), based on factors that are characteristic of polymorphic viruses.  It is one of the reasons that Norton always scores so impressively in real world tests.  There are literally hundreds of thousands of new malware programs appearing every day.  It is no longer possible to wait until each one is tested and confirmed before taking action.  Untested files that fit the reputation profile for malware are blocked on the not-unreasonable assumption that they could do some damage.  Norton also scores well for having few false positives - if it were blocking an undue number of legitimate programs, that would be a problem, but fortunately that is just not the case.

Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

I mean that the message "contains WS.Reputation.1" from Norton Security is counter-intuitive and cryptic.  They need to improve how the program explains its actions to the user.

Your explanation of the mechanic, on the other hand, was actually quite helpful.

Thanks.

-s

Kudos0

Re: ASUS Xonar drivers - Norton removed cmudaxp64.sys during installation.

Thanks, sorry I misunderstood the point you were making.  I agree, many of the notices that Norton provides are needlessly mysterious.

This thread is closed from further comment. Please visit the forum to start a new thread.