
Thread: ADU Active Dossier Uploader giving virus warnings

  1. #1

    ADU Active Dossier Uploader giving virus warnings

    I've updated my ADU to the latest version (with the link on the site 'http://www.vbaddict.net/download/ActiveDossierUploader.exe') and now Norton is suppressing it due to a virus warning, namely 'Suspicious.Cloud.9'. http://www.symantec.com/security_res...052214-5723-99

    Is anyone else having a problem with the current version of ADU, and does this version really have a problem or is this a false positive from my virus scanner?

  2. #2
    Phalynx.eu (Retired Commander) | Join Date: Jan 2013 | Location: Erlangen, Germany | Posts: 2,127
    Cannot confirm that. My McAfee has no problems with it.

    Symantec says:
    Suspicious.Cloud.9 is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.
    ADU is downloading and uploading data from the internet, maybe this is suspicious enough....

  3. #3
    This is what I got using Norton Internet Security 20.5.0.28

    Filename: activedossieruploader.exe
    Threat name: WS.Reputation.1
    Full Path: d:\c_drive\downloads\activedossieruploader.exe

    Updated: February 15, 2012 3:15:47 PM
    Type: Other
    Risk Impact: High
    Systems Affected: Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

  4. #4

  5. #5
    Phalynx.eu (Retired Commander)
    See my post above.

  6. #6
    Originally posted by Phalynx.eu:
    See my post above.
    Thanks. I have a VMware Windows 7 environment with network monitoring tools. Will use that to upload data. Let you know when I DO find something suspicious.

  7. #7
    The download includes installation of WS.Reputation.1. Below is the detailed description of the WS.Reputation.1 threat from Symantec. I assume this file is a harmless false positive, but I could not find any language on vbaddict to confirm this. So, I am abandoning vbaddict until I can easily confirm that the files in the download ADU are not malware.


    Symantec Security Response
    http://www.symantec.com/security_response/index.jsp
    WS.Reputation.1
    Updated: February 15, 2012 3:15:47 PM
    Type: Other
    Risk Impact: High
    Systems Affected: Windows 2000, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
    SUMMARY
    Behavior
    WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

    The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
    Antivirus Protection Dates
    Initial Rapid Release version October 2, 2014 revision 022
    Latest Rapid Release version October 2, 2014 revision 022
    Initial Daily Certified version March 27, 2009 revision 005
    Latest Daily Certified version April 20, 2010 revision 024
    Initial Weekly Certified release date April 1, 2009
    TECHNICAL DETAILS
    Symantec’s reputation technology system tracks the attributes of software files (applications, drivers and DLLs) from multiple sources, including:

    Anonymous data contributed by tens of millions of Norton Community Watch members
    Anonymous data contributed by enterprise customers in a data collection program tailored to large enterprises
    Data provided by software publishers
    Symantec’s Global Intelligence Network

    The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

    The system considers many aspects of a file, including file age, file download source, digital signature, and file prevalence. These attributes are combined using a proprietary algorithm to determine a file’s safety reputation. The system maintains a rating for all files rather than just malicious files. Each software file is given a GOOD, BAD or SUSPICIOUS rating.

    Symantec’s reputation-based security engine continuously monitors all files and over time a file’s reputation may change.

    REMOVAL

    WHITE-LISTING
    Software developers who want to accelerate the reputation building process for their new software applications should submit new applications to the Symantec white-listing program. Details of that program can be found here. https://submit.symantec.com/whitelist/


    DISPUTES
    If you believe that a program has been incorrectly classified by the Symantec reputation-based security system, then you may submit a dispute using this Web form.


    REMOVING A FILE FROM QUARANTINE
    It is possible to restore a file from quarantine to its previous location on your computer. This should only be done if you are certain that the file is not malicious. Symantec strongly recommends that you submit the file that was detected even if you choose to restore the file from quarantine.

    Norton users
    To learn how to restore a file from quarantine using Norton products, please read the following document:
    Restoring an item from the Quarantine

    Business users
    To learn how to restore a file from quarantine using Symantec Endpoint Protection products, please read the following document:
    Restoring a false positive from the Symantec Antivirus quarantine

  8. #8
    Phalynx.eu (Retired Commander)
    Same story every few months.

  9. #9
    Originally posted by Blade_Reaver.eu:
    I've updated my ADU to the latest version (with the link on the site 'http://www.vbaddict.net/download/ActiveDossierUploader.exe') and now Norton is suppressing it due to a virus warning, namely 'Suspicious.Cloud.9'. http://www.symantec.com/security_res...052214-5723-99

    Is anyone else having a problem with the current version of ADU, and does this version really have a problem or is this a false positive from my virus scanner?
    It is a trust issue. Symantec (Norton Anti-Virus or 360 et al) doesn't have enough users who have downloaded ADU to permit it to stay on a client computer, so it automatically quarantines the file. Just have Norton give you the details and tell it to restore the file, which then places the file in its 'trusted' list (preventing Norton from quarantining it in future).
    Through the mud and the blood to the green fields beyond.
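
Added example, not part of any post in this thread and not code from vbaddict or Symantec: a PowerShell check that gathers the attributes the Symantec description names (file age, download source, digital signature) plus a SHA-256 hash, so a reputation-only detection can be judged on evidence before the file is restored from quarantine. It assumes a copy of the download sits at the path quoted in post #3 on an NTFS volume; the property names in the output object are illustrative.

```powershell
# Added example: collect evidence about a reputation-flagged download.
# Default path is the one quoted in post #3; pass -Path to point elsewhere.
param(
    [string]$Path = 'D:\c_drive\downloads\activedossieruploader.exe'
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# SHA-256 of the exact bytes on disk: the value to quote when asking the
# publisher to confirm the build or when submitting a dispute to the vendor.
$hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

# Authenticode signature: Status is 'Valid' only if the file is signed,
# unmodified since signing, and the certificate chains to a trusted root.
$sig = Get-AuthenticodeSignature -LiteralPath $Path

# Mark of the Web: browsers record the download origin in the
# Zone.Identifier alternate data stream (absent if the file was copied
# from a non-NTFS volume or the stream was stripped).
$motw = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
$origin = ($motw | Where-Object { $_ -match '^(HostUrl|ReferrerUrl)=' }) -join '; '

$report = [pscustomobject]@{
    File            = $file.FullName
    SizeBytes       = $file.Length
    LastWriteUtc    = $file.LastWriteTimeUtc
    SHA256          = $hash.Hash
    SignatureStatus = $sig.Status
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    DownloadOrigin  = if ($origin) { $origin } else { '(no Zone.Identifier stream)' }
}
$report | Format-List

# A reputation verdict says nothing about the file's content. Without a
# valid signature, the only way to tie this copy to the publisher is a hash
# the publisher confirms through a separate channel.
if ($sig.Status -ne 'Valid') {
    Write-Warning "No valid Authenticode signature ($($sig.Status)). Compare the SHA256 above with a value confirmed by the publisher before restoring or whitelisting."
}
```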
