• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos1 Stats

What exactly is WS.Reputation.1/2/3?

I've got some files that i've had for nearly 10 years. I've had Norton Security for at least 3 years but suddenly Norton has decided it doesn't like these files purely based on WS.Reputation.1 and deleted them - not quarantined, deleted.

For some reason, the live chat people i've spoken to don't seem to understand the concept of false positives and therefore can't seem to help me.

Norton doesn't like the following files:

Properties.Resources.Designer.cs.dll

NorthwindDataSet.Designer.cs.dll

These were copied by one of Microsoft's IDEs (maybe Visual Studio) in to the relevant folders of C# programs i attempted to make back in the day. They're all identical.

Exclude from future scans doesn't appear to be working. Is that because the files are already deleted?

Anyway, this is invigorating me, so i'm thinking of excluding WS.Reputation.1, WS.Reputation.2, and WS.Reputation.3 signatures from all detections.

I like the idea of crowd sourcing anti-virus information but i don't like the idea of files being deleted because not many people have them or what ever strange idea Norton has about them.

So before i do that, i would like to know what exactly WS.Reputation.1, WS.Reputation.2, and WS.Reputation.3 represents before i expose myself to unnecessary risk. Norton's summary doesn't state much other than good, bad, and suspicious ratings.

Thanks.

Ps. Now i'll dig out the deleted files from my backups and restore these files, whilst obfuscating them to Norton.

EDIT: I have sent false positive reports but i shouldn't have to do this for every file Norton decides it doesn't like because only a few people expose the files to Norton.

Replies

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

WS.Reputation.1 flags being deleted vs quarantined has been discussed before, as I recall, with no definitive resolution.

Please review: https://community.norton.com/en/forums/norton-internet-security-auto-removing-threats-when-set-ask-me

Community search and Google search 'WS.Reputation.1' will find related.


Can you create work product folder and exclude folder?

old post:

There are also some ways you can reduce/fix this issue on your own, particularly if you need to hand-craft executables:

 - Norton products can exclude by path. You can create a folder, add it to the AutoProtect exclusions (under Settings), and then download files to this folder. This will prevent Insight from seeing these files. Of course, you should only download executables you know are safe to this folder.

https://community.norton.com/en/forums/clarification-wsreputation1-detection

old macro:
Restore & exclude this file: is not the same as adding item(s) to Exclude from Auto-Protect nor the same as Exclude from All Detections.

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

> Community search and Google search 'WS.Reputation.1' will find related.

I did do. I mainly found people complaining about it and and wishy washy webpages talking about it.

> ....  as I recall, with no definitive resolution.

Explains why i haven't found definitive answer myself.  I don't mind that Norton keeps their magic sauce to themselves. I just wish we had more control over what type of low reputation Norton will act upon. To me, a file (none-document) that only a few people have is very different to one for other reasons.

> Can you create work product folder and exclude folder?

Thanks. I could and if it comes to it, it is what i'll have to do because the number of false positives Norton has deleted in the past day or so is unacceptable.

> Restore & exclude this file:

If only Norton had Quarantined the files. I had attempted to exclude this program from 'resolved security risks' but i've come to the conclusion it doesn't do what my intuition believes.

> Exclude from All Detections.

Is what i've decided to try, which is what sparked this thread because i don't want to expose myself to unnecessary risk by choosing the wrong signature.

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

Thanks for the screenshots. I've already seen these before starting the thread and i linked to a Norton webpage in the initial thread post that states pretty much the same information. They don't really state anything other than the obvious - low reputation signatures.

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

NortonUser5:

Thanks for the screenshots. I've already seen these before starting the thread and i linked to a Norton webpage in the initial thread post that states pretty much the same information. They don't really state anything other than the obvious - low reputation signatures.

Yes, simply adding content for Norton users that pass this way, 

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

I'm sorry to see you've helped people with the same complaint for many years.

So it seems that the only thing that can be done is to exclude the relevant directories from Norton as the people before me have experienced that excluding the WS.Reputation.1 signature does not work.

Kudos0

Re: What exactly is WS.Reputation.1/2/3?

NortonUser5. Have you manually added "WS.Reputation.1/2/3" to Antivirus Settings > Scan and Risks > Exclusions / Low Risks > Signatures to Exclude from All Detections > 'Add' > Dropdown box - 'Insight Network Threat'? And/or submit your files to Norton as false positives to have them whitelisted? Symantec no longer offers a developer white-listing collaboration IMA.

Cheers

"From DOS to Windows10 what a journey it has been" / MS Certified Professional / Windows Server 2016 Essentials / Windows 10 Professional x 64 version 1909 / build 18363.476 / N360 Deluxe 22.19.9.63 / Norton Core v.288 on Android 2.22 / Opera GX
Kudos0

Re: What exactly is WS.Reputation.1/2/3?

NortonUser5:

So it seems that the only thing that can be done is to exclude the relevant directories from Norton as the people before me have experienced that excluding the WS.Reputation.1 signature does not work.

RE: "excluding the WS.Reputation.1 signature does not work".

Well, from this distance, as you can imagine, we can only read, as users report.  

"does not work" may be case-by-case. 

Regards w Respect

Good Luck