Hi,
I just downloaded the WB Beta for Windows 8.
Norton detects a Virus / Malware or whatever it should be called "WS.Reputation.1" and the file gets autoamtically deleted.
I downloaded from the official Stardock link I got by email from them for the beta.
Here the Report of Norton:
WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories. The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.
So, what to do?
Uninstall Norton.
Someone needs to let Norton know that the program isn't even compatible with those systems. My advice would be to disable the AV until WB 8 is downloaded and installed.
Better yet, see reply #1
Norton has this irritating feature of believing anything it has no info on might be a virus and so it should claim it is.
You can ignore that warning in Norton for WB, it is simply because it is new that Norton knows nothing about it. There should be a white list option somewhere.
I would also urge you to consider an alternative AV supplier when you need to renew your subscription so that Norton get the message that they are causing harm to small software companies with their scare tactics.
Exactly.
Norton is the hardest virus to get rid of on your computer.
My Norton did not say anything about the beta and I downloaded it on day 1 - also if you trust a prog and it gets automatically deleted after the download open up Norton and tell it to restore the recently deleted file. if you want to know about the program use Norton insight ... I did it with all beta releases so far and Insight highlighted everything as green- You are more likely do get virus warnings on products such as stardock if you did not make a update of your definitions.
I understand Roloccolor's comment, and while Norton did have uninstall, etc. problems in the past (and Jafo hates it) it has improved greatly in recent times.
Let's remember this is a Support thread.
In this case you are not.
The net result of the feature is to scare potential customers away as they trust their AV vendor over some third party company they just discovered. This means Norton are in a position of trust and should be very careful what they say, but they seem happy to scare customers so they will renew their protection each year. This is a major problem for smaller companies as it is hard to get the feature to know much about an app when their AV deletes it before it can be run. The end result is we keep on having to send software to be white listed which can take I think upto a week each time for every single update.
If the file is signed then the right approach would be to simply inform the user that they do not know much about this software, but it is signed by XXXXX and perhaps link this back to the server info which would know that many apps signed by XXXX have been found to be perfectly valid and so chances are this one is also fine. Factor in the download location and you have a solution that rightly triggers on unknown threats while at the same time acting in a responsible manner and providing accurate information.
Neil i was still in editing forgive me im not that fast...take another lookBut Norton does not scare cutomers of from SD or others or wants them to stay away from you guys, if a file is brand new and barely anone has it - it gives you a fair warning and isolates the file as potential thread... i dont see nothing wrong about that. like i wrote that can be solved if you trust in a prog - just mark it as ok and restore it. But if you have it set to manual update - of course you get false warnings since your list is outdated.I downloaded all the betas so far and never ever had any issues with SD products,- So i have to say Insight of Norton is pretty fast all you have to do is make updates and im sure there wont be any prob at all - or explain to me why i have not gottn a deleted installer ? Im sure i would have contacted IRC about it right away as i normaly do.And its not Nortons fault if Person XXXX is to sorry "not able" and marks a file as potential threat if its perfectly fine.I dont see why someone would do something like that if he uses the same AV - unless by mistakeWhat i like to add is if a Person X downloads a beta that is not even "a Day old" and gets a warning from his AV like that he should think about it why it did warn him or why that did happen...Steps to take UPDATE VD check Insight- Insight has not enough info on this file ( barely used by any others ) take the file and make a online check on it virustotal for example. This way the "average user" is always safe.And if you are annoyed by insight disable "insight protection" - if turned on i recommend turning on auto update aswellSince this warning of stardock could not have existed than far more than a day and if the user did his updates like he/she should i dont see why there is so much anger about of 12-24 hour warning... its not like Norton bans his cutomers from downloading SD products.But then again im not here to protect Norton i know it had been not great over the past but i gave it another shot and i must say currently i cant complain.Lavasoft Eset Avira are worse compared to the service you get and they did not detect files that are a real threats.Sorry Doc ... i let go now
Rolocolor....there are two types of computer programs.
Only two.
One is a program FOR your computer.
The other is a program that [is allowed seemingly to] falsely SLANDER other legitimate programs without opportunity for recourse or restitution.
WHEN I discover my use of a program that falls into that second category too-bloody-well I write it off as RUBBISH and choose one that is itself sufficiently competently written to NOT do what Norton does so well and STILL does.
Advice in #1 therefore is entirely appropriate....
Oh...to add....
This is a support forum thread so the correct response will be Neil's...
The warning CAN be ignored. It is what is [too often in the trade] called a 'false-positive'....
I have to agree...especially when they're guilty of putting out "scareware" http://drjbhl.joeuser.com/article/414579/Norton_PC_Checkup_Tool
and updates which crashed XP systems - http://drjbhl.joeuser.com/article/428384/Norton_Update_Crashing_XP_Computers_Endpoint_121_Is_The_Culprit
That together with code of theirs which was leaked (by the Indian military), makes their software less than desirable.
I don't trust Norton, in spite of the so called advances in their software. When this laptop was new Norton was one of the pre-installed apps. I let it run its course then ditched it and installed the ones i normally use. During Norton's time on this lappy it missed most of what my other A/V's caught. I can't see spending hard earned bucks on something that a freebie does much better.
i tested my machine with Hitman Pro and VirusTotal.
about 5 reputable AV vendors (like Bit Defender and F-Secure) throw warning about malware by files either modified or created by WindowBlinds.
it would be nice if this was fixed.
Could you post the report please.
Hitman Pro flags 3 files as malware:
* C:\Windows\SysWOW64\netprofm.dll* C:\Windows\SysWOW64\themeui.dll* C:\Windows\SysWOW64\wmdrmsdk.dll
here's the analysis of the third file by VirusTotal:https://www.virustotal.com/en/file/bffeabddec122390075d48e88a185d7f420b52dbf540c69b8de940c29090ba42/analysis/
the other 2 files are also flagged by VirusTotal.----here's the output from Hitman Pro:
HitmanPro 3.7.6.201www.hitmanpro.com Computer name . . . . : XXXX Windows . . . . . . . : 6.2.0.9200.X64/4 User name . . . . . . : XXXX/XXXX UAC . . . . . . . . . : Enabled License . . . . . . . : Free Scan date . . . . . . : 2013-06-29 12:57:10 Scan mode . . . . . . : Normal Scan duration . . . . : 45s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : No Threats . . . . . . . : 27 Traces . . . . . . . : 27 Objects scanned . . . : 804,719 Files scanned . . . . : 14,203 Remnants scanned . . : 127,468 files / 663,048 keysMalware _____________________________________________________________________ C:\Windows\SysWOW64\netprofm.dll Size . . . . . . . : 183,808 bytes Age . . . . . . . : -0.1 days (2013-06-29 16:13:39) Entropy . . . . . : 6.5 SHA-256 . . . . . : 5F36DFDBE62A7C01EBA706F72DE0B79FAB911D170A32876EAB91682A1D549576 Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Network List Manager Version . . . . . : 6.3.9431.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > G Data . . . . . . : Gen:Variant.Graftor.2609 Fuzzy . . . . . . : 106.0 C:\Windows\SysWOW64\themeui.dll Size . . . . . . . : 2,810,368 bytes Age . . . . . . . : -0.1 days (2013-06-29 16:13:41) Entropy . . . . . : 4.3 SHA-256 . . . . . : 7CB451171E1B6DB2CFFC27B31E340D21DABD85EE42F315DAE2C0229BBFB4CC80 Product . . . . . : Microsoft® Windows® Operating System Publisher . . . . : Microsoft Corporation Description . . . : Windows Theme API Version . . . . . : 6.3.9431.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > G Data . . . . . . : Gen:Variant.Graftor.3672 Fuzzy . . . . . . : 106.0 C:\Windows\SysWOW64\wmdrmsdk.dll Size . . . . . . . : 468,480 bytes Age . . . . . . . : -0.1 days (2013-06-29 16:13:42) Entropy . . . . . : 6.93:04 PM 2013-06-29 SHA-256 . . . . . : BFFEABDDEC122390075D48E88A185D7F420B52DBF540C69B8DE940C29090BA42 Product . . . . . : Microsoft® DRM Publisher . . . . : Microsoft Corporation Description . . . : Windows Media DRM SDK DLL Version . . . . . : 11.0.9431.0 Copyright . . . . : © Microsoft Corporation. All rights reserved. > G Data . . . . . . : Gen:Trojan.Heur2.LP.Cu8@aGFr4Iii Fuzzy . . . . . . : 106.0
Looking at those file names I think something else may be going on.
None of those dlls are Stardock ones and WindowBlinds does not replace any OS files, so if they fail AV checks via VirusTotal then you have something else on your machine that is possibly infecting files.
Why did you think they had anything to do with WindowBlinds?
because i did a clean install of Windows 8.1, installed Hitman Pro and WindowBlinds right after and scanned with Hitman Pro.
the only way to be absolutely sure this is caused by WindoBlinds would be to re-install Windows 8.1 and scan right after with Hitman to see if i get the same results.
give me about an hour or so...
update:
sorry to have wasted your time.
I did a clean install of Windows 8.1 then installed Hitman Pro without installing WindowBlinds.
the same 3 files are flagged as malware so the problem is with Microsoft, not WindowBlinds.
very much sorry for the confusion.
feel free to delete the whole mess please.
Sounds MORE like the problem is with Hitman Pro ....
Indeed.
you're partly right.
there are about 7 antivirus programs who flag those files as malware when they are in fact legit.
Avast and MSE, and AVG flag my gadgets as malware.
Not MalwareBytes and MSE doesn't do that to the gadgets I have and I got plenty of gadgets.
There are many great features available to you once you register, including:
Sign in or Create Account
