everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Found a bug in "Everything"? report it here
Post Reply
news
Posts: 13
Joined: Thu Oct 08, 2009 1:12 pm

everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Post by news »

Scan type: Auto-Protect Scan
Event: Security Risk Found!
Security risk detected: WS.Reputation.1
File: c:\Users\balu\Desktop\everything-1.5.0.1283a.x64\everything64.exe
Location: Quarantine
Computer: balu
User: balu
Action taken: Reboot Required
Date found: Friday, November 5, 2021 2:27:14 PM
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Post by void »

Thanks for the virus report news,

This is a false positive.

I've send Broadcom a false positive report.

For now, please add an exception to your Antivirus software.
raccoon
Posts: 1017
Joined: Thu Oct 18, 2018 1:24 am

Re: everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Post by raccoon »

Deeper dive.

WS.Reputation.1 is an expected detection for any limited distribution (alpha, beta) software that has not yet earned community reputation. Everything uses a lot of scary system functions and API calls, so WS.Reputation.1 is designed to warn about unknown never-seen-before software builds that do scary things. This includes each brand new alpha release.

Per Broadcom-Symantec: Clarification on WS.Reputation.1 detection
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
Read more from Broadcom.

This detection seems to happen to basically every developer (see links below).

Via: https://duckduckgo.com/?q=%22WS.Reputation.1%22
Via: https://duckduckgo.com/?q=%22WS.Reputat ... e+based%22
void
Developer
Posts: 16745
Joined: Fri Oct 16, 2009 11:31 pm

Re: everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Post by void »

Symantec Enterprise Division - Broadcom wrote: File 2: Everything64.exe
MD5: 4662b47688b66b8e4ad09080d211b57e
SHA256: a6b5ecbab493eec6e797e5353e726e8d16aa887e2fc07275f46db95fe028ce7e
Determination: Clean
Submission Detail: This file is clean.
everything64.exe should now be marked as clean.
news
Posts: 13
Joined: Thu Oct 08, 2009 1:12 pm

Re: everything-1.5.0.1283a.x64 is detected as virus by Symantic Endpoint

Post by news »

That was very quick Thank you. Now symantic says its clean :D
Post Reply